* Technical Description *
Red Hat has released a security patch to correct a vulnerability identified in gftp. The flaw is due to an input validation error when handling specially crafted "LIST" commands containing ".." (dot dot) sequences, which could be exploited to conduct directory traversal attacks.
* Affected Products *
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
* Solution *
Use Red Hat Network to download and update your packages:
http://rhn.redhat.com/
* References *
http://www.frsirt.com/english/advisories/2005/0759
http://rhn.redhat.com/errata/RHSA-2005-410.html