FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gftp -- multiple vulnerabilities

Affected packages
gftp < 2.0.18_6

Details

VuXML ID f8b0f83c-8bb3-11dc-bffa-0016179b2dd5
Discovery 2007-11-01
Entry 2007-11-05
Modified 2007-11-11

Gentoo reports:

Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names.

A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code or a Denial of Service.

References

CVE Name CVE-2007-3961
CVE Name CVE-2007-3962
URL http://www.gentoo.org/security/en/glsa/glsa-200711-01.xml