Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gftp security update
Advisory ID:       RHSA-2005:410-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-410.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0372
- ---------------------------------------------------------------------

1. Summary:

An updated gFTP package that fixes a directory traversal issue is now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gFTP is a multi-threaded FTP client for the X Window System.

A directory traversal bug was found in gFTP. If a user can be tricked into
downloading a file from a malicious ftp server, it is possible to overwrite
arbitrary files owned by the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0372 to
this issue.

Users of gftp should upgrade to this updated package, which contains a
backported fix for this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

149109 - CAN-2005-0372 directory traversal issue in gftp

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gftp-2.0.8-5.src.rpm
9ad04edd854e04b291b8ad13cdbb1329  gftp-2.0.8-5.src.rpm

i386:
43668a3d9304b5bd3e1c10089e0d1aad  gftp-2.0.8-5.i386.rpm

ia64:
f6d35d6320d0c829994dfbfd2059acd8  gftp-2.0.8-5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gftp-2.0.8-5.src.rpm
9ad04edd854e04b291b8ad13cdbb1329  gftp-2.0.8-5.src.rpm

ia64:
f6d35d6320d0c829994dfbfd2059acd8  gftp-2.0.8-5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gftp-2.0.8-5.src.rpm
9ad04edd854e04b291b8ad13cdbb1329  gftp-2.0.8-5.src.rpm

i386:
43668a3d9304b5bd3e1c10089e0d1aad  gftp-2.0.8-5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gftp-2.0.8-5.src.rpm
9ad04edd854e04b291b8ad13cdbb1329  gftp-2.0.8-5.src.rpm

i386:
43668a3d9304b5bd3e1c10089e0d1aad  gftp-2.0.8-5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gftp-2.0.14-4.src.rpm
b1f1c96f874c88ca7876bd4b89ea84d8  gftp-2.0.14-4.src.rpm

i386:
d70901a39c11289a7062f74bbddbbf47  gftp-2.0.14-4.i386.rpm

ia64:
25b3c26a26f2ff5f7da7398c76cf1a62  gftp-2.0.14-4.ia64.rpm

ppc:
e8bd14e811c5f61980523908488f517f  gftp-2.0.14-4.ppc.rpm

s390:
0c41a94c255a367ca689550da2fc3f61  gftp-2.0.14-4.s390.rpm

s390x:
8d5cd4377701caf95823a616cdaccb01  gftp-2.0.14-4.s390x.rpm

x86_64:
4f4d275023718ad3999cd454f55ab3ca  gftp-2.0.14-4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gftp-2.0.14-4.src.rpm
b1f1c96f874c88ca7876bd4b89ea84d8  gftp-2.0.14-4.src.rpm

i386:
d70901a39c11289a7062f74bbddbbf47  gftp-2.0.14-4.i386.rpm

x86_64:
4f4d275023718ad3999cd454f55ab3ca  gftp-2.0.14-4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gftp-2.0.14-4.src.rpm
b1f1c96f874c88ca7876bd4b89ea84d8  gftp-2.0.14-4.src.rpm

i386:
d70901a39c11289a7062f74bbddbbf47  gftp-2.0.14-4.i386.rpm

ia64:
25b3c26a26f2ff5f7da7398c76cf1a62  gftp-2.0.14-4.ia64.rpm

x86_64:
4f4d275023718ad3999cd454f55ab3ca  gftp-2.0.14-4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gftp-2.0.14-4.src.rpm
b1f1c96f874c88ca7876bd4b89ea84d8  gftp-2.0.14-4.src.rpm

i386:
d70901a39c11289a7062f74bbddbbf47  gftp-2.0.14-4.i386.rpm

ia64:
25b3c26a26f2ff5f7da7398c76cf1a62  gftp-2.0.14-4.ia64.rpm

x86_64:
4f4d275023718ad3999cd454f55ab3ca  gftp-2.0.14-4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gftp-2.0.17-5.src.rpm
33d5e9f32fd24288b45d621e02daa0f5  gftp-2.0.17-5.src.rpm

i386:
9e9c8b22418ac80d805a43e0d6530fc6  gftp-2.0.17-5.i386.rpm

ia64:
60fbcc6fd5db5d4b468c680d89b52cf3  gftp-2.0.17-5.ia64.rpm

ppc:
f406c09280eac463ce88e5126bb06715  gftp-2.0.17-5.ppc.rpm

s390:
2c7593bcd854a18c2ee08c15c59c8459  gftp-2.0.17-5.s390.rpm

s390x:
d8956d0266bad37b28a7cba9a1ef636f  gftp-2.0.17-5.s390x.rpm

x86_64:
4718135258fd4a5334f6de3516972ae6  gftp-2.0.17-5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gftp-2.0.17-5.src.rpm
33d5e9f32fd24288b45d621e02daa0f5  gftp-2.0.17-5.src.rpm

i386:
9e9c8b22418ac80d805a43e0d6530fc6  gftp-2.0.17-5.i386.rpm

x86_64:
4718135258fd4a5334f6de3516972ae6  gftp-2.0.17-5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gftp-2.0.17-5.src.rpm
33d5e9f32fd24288b45d621e02daa0f5  gftp-2.0.17-5.src.rpm

i386:
9e9c8b22418ac80d805a43e0d6530fc6  gftp-2.0.17-5.i386.rpm

ia64:
60fbcc6fd5db5d4b468c680d89b52cf3  gftp-2.0.17-5.ia64.rpm

x86_64:
4718135258fd4a5334f6de3516972ae6  gftp-2.0.17-5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gftp-2.0.17-5.src.rpm
33d5e9f32fd24288b45d621e02daa0f5  gftp-2.0.17-5.src.rpm

i386:
9e9c8b22418ac80d805a43e0d6530fc6  gftp-2.0.17-5.i386.rpm

ia64:
60fbcc6fd5db5d4b468c680d89b52cf3  gftp-2.0.17-5.ia64.rpm

x86_64:
4718135258fd4a5334f6de3516972ae6  gftp-2.0.17-5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCrX3YXlSAg2UNWIIRAh/aAKC6hnG0gAetBDrjGz+ayC2fjCld9wCgotsf
GoHq9L1/5EsqKzCmk7/Snbg=
=+9EW
-----END PGP SIGNATURE-----