ports/75782: ftp/tnftp: Security update
Tom McLaughlin
tmclaugh at sdf.lonestar.org
Tue Jan 4 07:30:27 UTC 2005
>Number: 75782
>Category: ports
>Synopsis: ftp/tnftp: Security update
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 04 07:30:27 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Tom McLaughlin
>Release: FreeBSD 5.3-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD 5.3-RELEASE-p2 #0: Sat Jan 1 23:58:43 EST 2005
root at compass.straycat.dhs.org:/usr/obj/usr/src/sys/COMPASS
>Description:
Attached is a patch to update tnftp to version 20050103, which addresses
the security vulnerability noted here:
http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132
A patch to the vuln.xml file in the vuxml port is also attached.
>How-To-Repeat:
>Fix:
--- tnftp-20050103.diff begins here ---
Index: Makefile
===================================================================
RCS file: /ncvs/ports/ftp/tnftp/Makefile,v
retrieving revision 1.2
diff -u -r1.2 Makefile
--- Makefile 19 Apr 2004 08:43:01 -0000 1.2
+++ Makefile 4 Jan 2005 07:15:02 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= tnftp
-PORTVERSION= 20030825
+PORTVERSION= 20050103
CATEGORIES= ftp
MASTER_SITES= ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/
Index: distinfo
===================================================================
RCS file: /ncvs/ports/ftp/tnftp/distinfo,v
retrieving revision 1.1
diff -u -r1.1 distinfo
--- distinfo 16 Apr 2004 23:36:49 -0000 1.1
+++ distinfo 4 Jan 2005 07:15:02 -0000
@@ -1,2 +1,2 @@
-MD5 (tnftp-20030825.tar.gz) = 9b633ae6cacc01dbdadc6b9e3f180b4f
-SIZE (tnftp-20030825.tar.gz) = 277885
+MD5 (tnftp-20050103.tar.gz) = 831d606d4f13f1826675d066f12a4169
+SIZE (tnftp-20050103.tar.gz) = 280575
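Review bot: the new distinfo entry pins tnftp-20050103.tar.gz with MD5 and SIZE only, and the Makefile's MASTER_SITES is a plain ftp:// URL, so this single MD5 line is the only integrity check on the tarball for a security update. Suggest recording a stronger digest next to the MD5 line where the ports framework accepts one, and noting in the PR how the checksum was cross-checked against upstream.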
--- tnftp-20050103.diff ends here ---
--- vuxml_tnftp-entry.diff begins here ---
Index: vuln.xml
===================================================================
RCS file: /ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.434
diff -u -r1.434 vuln.xml
--- vuln.xml 3 Jan 2005 21:48:04 -0000 1.434
+++ vuln.xml 4 Jan 2005 07:14:28 -0000
@@ -32,6 +32,34 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f92e1bbc-5e18-11d9-839a-0050da134090">
+ <topic>tnftp -- mget does not check for directory escapes</topic>
+ <affects>
+ <packages>
+ <name>tnftp</name>
+ <range><eq>20030825</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>When downloading a batch of files from an FTP server the
+ mget command does not check for directory escapes. A
+ specially crafted file on the FTP server could then
+ potentially overwrite an existing file of the user.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://tigger.uic.edu/~jlongs2/holes/tnftp.txt</url>
+ <url>http://cvsweb.netbsd.org/bsdweb.cgi/othersrc/usr.bin/tnftp/src/cmds.c?rev=1.1.1.3&content-type=text/x-cvsweb-markup</url>
+ <url>http://it.slashdot.org/article.pl?sid=04/12/15/2113202</url>
+ <mlist msgid="653D74053BA6F54A81ED83DCF969DF08CFA2AA at pivxes1.pivx.com">http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132</mlist>
+ </references>
+ <dates>
+ <discovery>2004-12-15</discovery>
+ <entry>2005-01-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="877e918e-5362-11d9-96d4-00065be4b5b6">
<topic>mpg123 -- playlist processing buffer overflow vulnerability</topic>
<affects>
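Review bot: the added entry is not well-formed XML. In the affects block the element is opened as `<packages>` but closed as `</package>`, so vuln.xml will fail to parse; the opening tag should be `<package>`. The bare `&` in the cvsweb url (`&content-type=`) and in the mlist URL (`&m=`) also needs to be written as `&amp;`. Separately, `<range><eq>20030825</eq></range>` matches only that exact version; if the intent is to flag everything before the fixed release, `<range><lt>20050103</lt></range>` states that directly. Running the entry through the vuxml port's validation before commit would catch the first two.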
--- vuxml_tnftp-entry.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: