GProFTPD GProstats Remote Format String Vulnerability
BID:12588
Info
GProFTPD GProstats Remote Format String Vulnerability
| Bugtraq ID: | 12588 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2005 12:00AM |
| Updated: | Feb 18 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Tavis Ormandy of the Gentoo Linux Security Audit Team. |
| Vulnerable: |
GProFTPD GProFTPD 8.1.7 Gentoo Linux |
| Not Vulnerable: |
GProFTPD GProFTPD 8.1.9 |
Discussion
GProFTPD GProstats Remote Format String Vulnerability
GProftpd gprostats utility is reported prone to a remote format string handling vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility.
This vulnerability is reported to affect GProftpd version 8.1.7 and precious versions.
GProftpd gprostats utility is reported prone to a remote format string handling vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility.
This vulnerability is reported to affect GProftpd version 8.1.7 and precious versions.
Exploit / POC
GProFTPD GProstats Remote Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
GProFTPD GProstats Remote Format String Vulnerability
Solution:
The vendor has released an update to address this vulnerability.
Gentoo has released an advisory (GLSA 200502-26) and an updated eBuild to address this vulnerability. Gentoo users may apply this update by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-ftp/gproftpd-8.1.9"
GProFTPD GProFTPD 8.1.7
Solution:
The vendor has released an update to address this vulnerability.
Gentoo has released an advisory (GLSA 200502-26) and an updated eBuild to address this vulnerability. Gentoo users may apply this update by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-ftp/gproftpd-8.1.9"
GProFTPD GProFTPD 8.1.7
-
GProftpd GProftpd 8.1.9
http://mange.dynup.net/linux.html#Download