Debian DSA-447-1 : hsftp

NASLDB: Debian DSA-447-1 : hsftp - format string

General

ID: 15284
Name: Debian DSA-447-1 : hsftp – format string

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Ulf HÃ¤rnhammar from the Debian Security Audit Project discovered a
format string vulnerability in hsftp. This vulnerability could be
exploited by an attacker able to create files on a remote server with
carefully crafted names, to which a user would connect using hsftp.
When the user requests a directory listing, particular bytes in memory
could be overwritten, potentially allowing arbitrary code to be
executed with the privileges of the user invoking hsftp.

Note that while hsftp is installed setuid root, it only uses these
privileges to acquire locked memory, and then relinquishes them.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2004-0159
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2004/02/23
Patch Release: 2004/02/22
Plugin Release: 2004/09/29

Plugin

Version: 1.16
Filename: debian_DSA-447.nasl
Filesize: 3421 bytes
MD5 Hash: 678edca363fbcd534dbedad6bb919364

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG