CVE-2003-0963
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/01/2004
Last modified:
03/04/2025
Description
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.9:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://marc.info/?l=bugtraq&m=107126386226196&w=2
- http://marc.info/?l=bugtraq&m=107152267121513&w=2
- http://marc.info/?l=bugtraq&m=107167974714484&w=2
- http://marc.info/?l=bugtraq&m=107177409418121&w=2
- http://marc.info/?l=bugtraq&m=107340499504411&w=2
- http://secunia.com/advisories/10525
- http://secunia.com/advisories/10548
- http://www.debian.org/security/2004/dsa-406
- http://www.mandriva.com/security/advisories?name=MDKSA-2003%3A116
- http://www.novell.com/linux/security/advisories/2003_051_lftp.html
- http://www.redhat.com/support/errata/RHSA-2003-403.html
- http://www.redhat.com/support/errata/RHSA-2003-404.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180
- ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
- http://marc.info/?l=bugtraq&m=107126386226196&w=2
- http://marc.info/?l=bugtraq&m=107152267121513&w=2
- http://marc.info/?l=bugtraq&m=107167974714484&w=2
- http://marc.info/?l=bugtraq&m=107177409418121&w=2
- http://marc.info/?l=bugtraq&m=107340499504411&w=2
- http://secunia.com/advisories/10525
- http://secunia.com/advisories/10548
- http://www.debian.org/security/2004/dsa-406
- http://www.mandriva.com/security/advisories?name=MDKSA-2003%3A116
- http://www.novell.com/linux/security/advisories/2003_051_lftp.html
- http://www.redhat.com/support/errata/RHSA-2003-403.html
- http://www.redhat.com/support/errata/RHSA-2003-404.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180