<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-24">
<title>tnftp: Arbitrary file overwriting</title>
<synopsis>
tnftp fails to validate filenames when downloading files, making it
vulnerable to arbitrary file overwriting.
</synopsis>
<product type="ebuild">tnftp</product>
<announced>January 14, 2005</announced>
<revised>January 14, 2005: 01</revised>
<affected>
<package name="net-ftp/tnftp" auto="yes" arch="*">
<unaffected range="ge">20050103</unaffected>
<vulnerable range="lt">20050103</vulnerable>
</package>
</affected>
<background>
<p>
tnftp is a NetBSD FTP client with several advanced features.
</p>
</background>
<description>
<p>
The 'mget' function in cmds.c lacks validation of the filenames
that are supplied by the server.
</p>
</description>
<impact type="normal">
<p>
An attacker running an FTP server could supply clients with
malicious filenames, potentially allowing the overwriting of arbitrary
files with the permissions of the connected user.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All tnftp users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-ftp/tnftp-20050103&quot;</code>
</resolution>
<references>
<uri link="">CAN-2004-1294</uri>
<uri link="">Original Advisory</uri>
</references>
<metadata tag="requester" timestamp="Mon, 10 Jan 2005 09:24:54 +0000">
<metadata tag="bugReady" timestamp="Tue, 11 Jan 2005 21:44:41 +0000">
<metadata tag="submitter" timestamp="Wed, 12 Jan 2005 23:35:57 +0000">