Mandriva Linux Security Advisory : gftp (MDVSA-2008:018)
High Nessus Plugin ID 38128
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionKalle Olavi Niemitalo found two boundary errors in the fsplib library, a copy of which is included in gFTP source. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a denial of service (CVE-2007-3961).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected gftp package.