Mandrake Linux Security Advisory : lftp (MDKSA-2003:116)
High Nessus Plugin ID 14098
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the 'ls' or 'rels' command on specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream in 2.6.10.
The updated packages are patched to protect against this problem.
SolutionUpdate the affected lftp package.