PT-2003-1977 · Lftp · Lftp
Ulf Härnhammar
·
Published
2003-12-17
·
Updated
2017-10-11
·
CVE-2003-0963
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
lftp versions 2.6.9 and earlier
Description
The issue concerns buffer overflows in the try netscape proxy and try squid eplf functions for lftp. Remote HTTP servers can execute arbitrary code via long directory names that are processed by the ls or rels commands.
Recommendations
For lftp versions 2.6.9 and earlier, update to a version later than 2.6.9 to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lftp