FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gftp -- directory traversal vulnerability

Affected packages
gftp < 2.0.18

Details

VuXML ID 2d8cf857-81ea-11d9-a9e7-0001020eed82
Discovery 2005-02-04
Entry 2005-02-18

A Debian Security Advisory reports:

Albert Puigsech Galicia discovered a directory traversal vulnerability in a proprietary FTP client (CAN-2004-1376) which is also present in gftp, a GTK+ FTP client. A malicious server could provide a specially crafted filename that could cause arbitrary files to be overwritten or created by the client.

References

Bugtraq ID 12539
CVE Name CVE-2005-0372
URL http://www.debian.org/security/2005/dsa-686
URL http://www.gftp.org/changelog.html