Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2003-0963
Last Modified: 21 Aug 2010 12:17:27
Published: 05 Jan 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0963

Summary

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.

Vulnerable Systems

Application

  • Alexander V. Lukyanov Lftp 2.3

  • Alexander V. Lukyanov Lftp 2.4.9

  • Alexander V. Lukyanov Lftp 2.5.2

  • Alexander V. Lukyanov Lftp 2.6.0

  • Alexander V. Lukyanov Lftp 2.6.3

  • Alexander V. Lukyanov Lftp 2.6.4

  • Alexander V. Lukyanov Lftp 2.6.5

  • Alexander V. Lukyanov Lftp 2.6.6

  • Alexander V. Lukyanov Lftp 2.6.7

  • Alexander V. Lukyanov Lftp 2.6.8

  • Alexander V. Lukyanov Lftp 2.6.9


References

BUGTRAQ - 20031213 lftp buffer overflows

REDHAT - RHSA-2003:404

SUSE - SuSE-SA:2003:051

DEBIAN - DSA-406

SGI - 20040101-01-U

REDHAT - RHSA-2003:403

MANDRAKE - MDKSA-2003:116

SECUNIA - 10548

SECUNIA - 10525

CONECTIVA - CLA-2004:800

BUGTRAQ - 20031218 GLSA: lftp (200312-07)

BUGTRAQ - 20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)

BUGTRAQ - 20031212 [slackware-security] lftp security update (SSA:2003-346-01)

SGI - 20040202-01-U


Last Updated: 27 May 2016 10:38:06