- Issued:
- 2005-06-13
- Updated:
- 2005-06-13
RHSA-2005:410 - Security Advisory
Synopsis
gftp security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated gFTP package that fixes a directory traversal issue is now
available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Description
gFTP is a multi-threaded FTP client for the X Window System.
A directory traversal bug was found in gFTP. If a user can be tricked into
downloading a file from a malicious ftp server, it is possible to overwrite
arbitrary files owned by the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0372 to
this issue.
Users of gftp should upgrade to this updated package, which contains a
backported fix for this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 149109 - CAN-2005-0372 directory traversal issue in gftp
CVEs
References
(none)
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| x86_64 | |
| gftp-2.0.17-5.x86_64.rpm | SHA-256: 7c1dcb52ed7235ceb25061b02b5d5c7d265a4a4c649fd4c6821bc162d20a00bd |
| gftp-2.0.17-5.x86_64.rpm | SHA-256: 7c1dcb52ed7235ceb25061b02b5d5c7d265a4a4c649fd4c6821bc162d20a00bd |
| ia64 | |
| gftp-2.0.17-5.ia64.rpm | SHA-256: e6cfa61ee7a8f36c6683d64f7b43f182c13e47bd975b6db34c7c9b7dedadda81 |
| gftp-2.0.17-5.ia64.rpm | SHA-256: e6cfa61ee7a8f36c6683d64f7b43f182c13e47bd975b6db34c7c9b7dedadda81 |
| i386 | |
| gftp-2.0.17-5.i386.rpm | SHA-256: c593d19584b91101ab9220d757a396741ca92c829207ca8d89df75d62a091cce |
| gftp-2.0.17-5.i386.rpm | SHA-256: c593d19584b91101ab9220d757a396741ca92c829207ca8d89df75d62a091cce |
Red Hat Enterprise Linux Server 3
| SRPM | |
|---|---|
| x86_64 | |
| ia64 | |
| i386 |
Red Hat Enterprise Linux Server 2
| SRPM | |
|---|---|
| ia64 | |
| i386 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| x86_64 | |
| gftp-2.0.17-5.x86_64.rpm | SHA-256: 7c1dcb52ed7235ceb25061b02b5d5c7d265a4a4c649fd4c6821bc162d20a00bd |
| ia64 | |
| gftp-2.0.17-5.ia64.rpm | SHA-256: e6cfa61ee7a8f36c6683d64f7b43f182c13e47bd975b6db34c7c9b7dedadda81 |
| i386 | |
| gftp-2.0.17-5.i386.rpm | SHA-256: c593d19584b91101ab9220d757a396741ca92c829207ca8d89df75d62a091cce |
Red Hat Enterprise Linux Workstation 3
| SRPM | |
|---|---|
| x86_64 | |
| ia64 | |
| i386 |
Red Hat Enterprise Linux Workstation 2
| SRPM | |
|---|---|
| ia64 | |
| i386 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| x86_64 | |
| gftp-2.0.17-5.x86_64.rpm | SHA-256: 7c1dcb52ed7235ceb25061b02b5d5c7d265a4a4c649fd4c6821bc162d20a00bd |
| i386 | |
| gftp-2.0.17-5.i386.rpm | SHA-256: c593d19584b91101ab9220d757a396741ca92c829207ca8d89df75d62a091cce |
Red Hat Enterprise Linux Desktop 3
| SRPM | |
|---|---|
| x86_64 | |
| i386 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| s390x | |
| gftp-2.0.17-5.s390x.rpm | SHA-256: e6e6aac6ef33fe96cf3553a0f8016e24132735662114e3cc0050f4c9eae7dff2 |
| s390 | |
| gftp-2.0.17-5.s390.rpm | SHA-256: 5279415ea89fe4a56fd5861325c985f68a77f95f0c28586fb7d01e98117a14d5 |
Red Hat Enterprise Linux for IBM z Systems 3
| SRPM | |
|---|---|
| s390x | |
| s390 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| ppc | |
| gftp-2.0.17-5.ppc.rpm | SHA-256: 71de5278764f470d6f4f0ae3fabffa679e14e1a4f4eedb7d142c7b7e10994f7d |
Red Hat Enterprise Linux for Power, big endian 3
| SRPM | |
|---|---|
| ppc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
