This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated lftp packages are now available that fix a buffer overflow
lftp is a command-line file transfer program supporting FTP and HTTP
Ulf HÃ¤rnhammar discovered a buffer overflow bug in versions of lftp
up to and including 2.6.9. An attacker could create a carefully
crafted directory on a website such that, if a user connects to that
directory using the lftp client and subsequently issues a 'ls' or
'rels' command, the attacker could execute arbitrary code on the users
machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0963 to this issue.
Users of lftp are advised to upgrade to these erratum packages, which
contain a backported security patch and are not vulnerable to this
Red Hat would like to thank Ulf HÃ¤rnhammar for discovering and
alerting us to this issue.
See also :
Update the affected lftp package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12441 ()
CVE ID: CVE-2003-0963
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.