Alerta de Segurança Debian
DSA-686-1 gftp -- sanitização de entrada ausente
- Data do Alerta:
- 17 Fev 2005
- Pacotes Afetados:
- gftp
- Vulnerável:
- Sim
- Referência à base de dados de segurança:
- No dicionário CVE do Mitre: CVE-2005-0372.
- Informações adicionais:
-
Albert Puigsech Galicia descobriu uma vulnerabilidade de travessia de diretório em um cliente FTP proprietário (CAN-2004-1376), que também está presente no gftp, um cliente FTP em GTK+. Um servidor malicioso poderia disponibilizar um nome de arquivo criado especialmente, que poderia fazer arquivos arbitrários serem sobrescritos ou criados pelo cliente.
Na distribuição estável (woody), este problema foi corrigido na versão 2.0.11-1woody1.
Na distribuição instável (sid), este problema foi corrigido na versão 2.0.18-1.
Nós recomendamos que você atualize seu pacote gftp.
- Corrigido em:
-
Debian GNU/Linux 3.0 (woody)
- Fonte:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.dsc
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.diff.gz
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11.orig.tar.gz
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_alpha.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_alpha.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_alpha.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_alpha.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_arm.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_arm.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_arm.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_arm.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_i386.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_i386.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_i386.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_i386.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_ia64.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_ia64.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_ia64.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_ia64.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_hppa.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_hppa.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_hppa.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_hppa.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_m68k.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_m68k.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_m68k.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_m68k.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mips.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mips.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mips.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mips.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_s390.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_s390.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_s390.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_s390.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_sparc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_sparc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_sparc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_sparc.deb
- http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_sparc.deb
Checksums MD5 dos arquivos listados estão disponíveis no alerta original.