FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3962

This CVE name corresponds to:

Entered Topic
2007-11-05 gftp -- multiple vulnerabilities
2007-08-02 fsplib -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-3962 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-3962
Phase Assigned(20070725)

Description

Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

References

Source Reference
MISC http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18
MISC http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22
CONFIRM http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=188252
GENTOO GLSA-200711-01
MANDRIVA MDVSA-2008:018
BID 25034
OSVDB 38569
OSVDB 38570
SECUNIA 26184
SECUNIA 26378
SECUNIA 27501

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.