| <?xml version="1.0" encoding="utf-8"?> |
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
| |
| <glsa id="200406-19"> |
| <title>giFT-FastTrack: remote denial of service attack</title> |
| <synopsis> |
| There is a vulnerability where a carefully crafted signal sent to the |
| giFT-FastTrack plugin will cause the giFT daemon to crash. |
| </synopsis> |
| <product type="ebuild">giFT-FastTrack</product> |
| <announced>June 24, 2004</announced> |
| <revised>May 22, 2006: 02</revised> |
| <bug>54452</bug> |
| <access>remote</access> |
| <affected> |
| <package name="net-p2p/gift-fasttrack" auto="yes" arch="*"> |
| <unaffected range="ge">0.8.7</unaffected> |
| <vulnerable range="le">0.8.6</vulnerable> |
| </package> |
| </affected> |
| <background> |
| <p> |
| giFT-FastTrack is a plugin for the giFT file-sharing application. It |
| allows giFT users to connect to the fasttrack network to share files. |
| </p> |
| </background> |
| <description> |
| <p> |
| Alan Fitton found a vulnerability in the giFT-FastTrack plugin in |
| version 0.8.6 and earlier. It can be used to remotely crash the giFT |
| daemon. |
| </p> |
| </description> |
| <impact type="low"> |
| <p> |
| Attackers may use this vulnerability to perform a Denial of Service |
| attack against the giFT daemon. There is no risk of code execution. |
| </p> |
| </impact> |
| <workaround> |
| <p> |
| There is no known workaround at this time. All users are encouraged to |
| upgrade to the latest available version. |
| </p> |
| </workaround> |
| <resolution> |
| <p> |
| All users should upgrade to the latest available version of |
| gift-fasttrack: |
| </p> |
| <code> |
| # emerge sync |
| |
| # emerge -pv ">=net-p2p/gift-fasttrack-0.8.7" |
| # emerge ">=net-p2p/gift-fasttrack-0.8.7"</code> |
| </resolution> |
| <references> |
| <uri link="http://gift-fasttrack.berlios.de/">giFT-FastTrack announcement</uri> |
| <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0604">CVE-2004-0604</uri> |
| </references> |
| <metadata tag="submitter"> |
| koon |
| </metadata> |
| </glsa> |