FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gftp -- multiple vulnerabilities

Affected packages
gftp < 2.0.18_6


VuXML ID f8b0f83c-8bb3-11dc-bffa-0016179b2dd5
Discovery 2007-11-01
Entry 2007-11-05
Modified 2007-11-11

Gentoo reports:

Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names.

A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code or a Denial of Service.


CVE Name CVE-2007-3961
CVE Name CVE-2007-3962