PT-2005-5579 · Debian+1 · Gftp-Gtk+5

Albert Puigsech Galicia · Published 1970-01-01 · Updated 2023-08-03 · CVE-2005-0372

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

gftp versions prior to 2.0.18
gftp-common (affected versions not specified)
gftp-gtk (affected versions not specified)
gftp-text (affected versions not specified)

Description

Multiple vulnerabilities in the gftp package of the Debian GNU/Linux operating system can lead to a breach of protected information and can be exploited remotely. Specifically, a directory traversal vulnerability in gftp before version 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command, such as /api/ftp/list.

Recommendations

For gftp versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue. For gftp-common, gftp-gtk, and gftp-text, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Avoid using the LIST command in the affected API endpoint until the issue is resolved.

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2015-02969
BDU:2015-04074
BDU:2015-04075
BDU:2015-04076
CVE-2005-0372
DSA-686-1
RHSA-2005:410
RHSA-2005_410

Affected Products

Debian
Red Hat
Gftp
Gftp-Common
Gftp-Gtk
Gftp-Text