Debian DSA-447-1 : hsftp - format string

Nessus Plugin ID 15284 (severity: high)

Synopsis

The remote Debian host is missing a security-related update.

Description

Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in hsftp. An attacker able to create files with carefully crafted names on a remote server, to which a user then connects using hsftp, could exploit this vulnerability.
When the user requests a directory listing, particular bytes in memory could be overwritten, potentially allowing arbitrary code to be executed with the privileges of the user invoking hsftp.

Note that while hsftp is installed setuid root, it only uses these privileges to acquire locked memory, and then relinquishes them.

Solution

For the current stable distribution (woody) this problem has been fixed in version 1.11-1woody1.

We recommend that you update your hsftp package.

See Also

http://www.debian.org/security/2004/dsa-447

Plugin Details

Severity: High

ID: 15284

File Name: debian_DSA-447.nasl

Version: 1.23

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:hsftp, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/22/2004

Vulnerability Publication Date: 2/23/2004

Reference Information

CVE: CVE-2004-0159

BID: 9715

DSA: 447