This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated lftp packages are now available that fix a buffer overflow
lftp is a command-line file transfer program supporting FTP and HTTP
Ulf Harnhammar discovered a buffer overflow bug in versions of lftp
up to and including 2.6.9. An attacker could create a carefully
crafted directory on a website such that, if a user connects to that
directory using the lftp client and subsequently issues a 'ls' or
'rels' command, the attacker could execute arbitrary code on the user's
machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0963 to this issue.
Users of lftp are advised to upgrade to these erratum packages, which
contain a backported security patch and are not vulnerable to this
Red Hat would like to thank Ulf Harnhammar for discovering and
alerting us to this issue.
See also :
Update the affected lftp package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12441
CVE ID: CVE-2003-0963