Alerta de Segurança Debian

DSA-686-1 gftp -- sanitização de entrada ausente

Data do Alerta:

17 Fev 2005

Pacotes Afetados:

gftp

Vulnerável:

Sim

Referência à base de dados de segurança:

No dicionário CVE do Mitre: CVE-2005-0372.

Informações adicionais:

Albert Puigsech Galicia descobriu uma vulnerabilidade de travessia de diretório em um cliente FTP proprietário (CAN-2004-1376), que também está presente no gftp, um cliente FTP em GTK+. Um servidor malicioso poderia disponibilizar um nome de arquivo criado especialmente, que poderia fazer arquivos arbitrários serem sobrescritos ou criados pelo cliente.

Na distribuição estável (woody), este problema foi corrigido na versão 2.0.11-1woody1.

Na distribuição instável (sid), este problema foi corrigido na versão 2.0.18-1.

Nós recomendamos que você atualize seu pacote gftp.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.dsc; http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.diff.gz; http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_alpha.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_arm.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_arm.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_arm.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_i386.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_i386.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_i386.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_ia64.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_hppa.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_m68k.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mips.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mips.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mips.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mipsel.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_powerpc.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_s390.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_s390.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_s390.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_sparc.deb; http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.