FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lftp HTML parsing vulnerability

Affected packages
		lftp	<=	2.6.10

Details

VuXML ID	d7af61c8-2cc0-11d8-9355-0020ed76ef5a
Discovery	2003-12-11
Entry	2003-12-12

A buffer overflow exists in lftp which may be triggered when requesting a directory listing from a malicious server over HTTP.

References

CVE Name	CVE-2003-0963
URL	http://lftp.yar.ru/news.html#2.6.10

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.