diff options
author | simon <simon@FreeBSD.org> | 2005-02-19 04:37:19 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-02-19 04:37:19 +0800 |
commit | 680a626fbc42f5de595de3f2189d1cc9b3e99a70 (patch) | |
tree | 603b6363dc7321100e583588f1e8d16e16ea2fcc /security | |
parent | 6076fe578cf8d8d3ff36e35a5ef7e80b85dacbc0 (diff) | |
download | freebsd-ports-graphics-680a626fbc42f5de595de3f2189d1cc9b3e99a70.tar.gz freebsd-ports-graphics-680a626fbc42f5de595de3f2189d1cc9b3e99a70.tar.zst freebsd-ports-graphics-680a626fbc42f5de595de3f2189d1cc9b3e99a70.zip |
Document a directory traversal vulnerability in gftp.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 9becd3d1eae..c1e9e0ad87e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,39 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2d8cf857-81ea-11d9-a9e7-0001020eed82"> + <topic>gftp -- directory traversal vulnerability</topic> + <affects> + <package> + <name>gftp</name> + <range><lt>2.0.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Debian Security Advisory reports:</p> + <blockquote cite="http://www.debian.org/security/2005/dsa-686"> + <p>Albert Puigsech Galicia discovered a directory traversal + vulnerability in a proprietary FTP client (CAN-2004-1376) + which is also present in gftp, a GTK+ FTP client. A + malicious server could provide a specially crafted + filename that could cause arbitrary files to be + overwritten or created by the client.</p> + </blockquote> + </body> + </description> + <references> + <bid>12539</bid> + <cvename>CAN-2005-0372</cvename> + <url>http://www.debian.org/security/2005/dsa-686</url> + <url>http://www.gftp.org/changelog.html</url> + </references> + <dates> + <discovery>2005-02-04</discovery> + <entry>2005-02-18</entry> + </dates> + </vuln> + <vuln vid="20c9bb14-81e6-11d9-a9e7-0001020eed82"> <topic>opera -- "data:" URI handler spoofing vulnerability</topic> <affects> |