--------------------------------------------------------------------------
Debian Security Advisory DSA 084-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
October 18th, 2001
--------------------------------------------------------------------------

Package        : gftp
Vulnerability  : Information Retrieval
Problem-Type   : local unauthorized Information Retrieval
Debian-specific: no

Stephane Gaudreault told us that version 2.0.6a of gftp displays the
password in plain text on the screen within the log window when it is
logging into an ftp server.  A malicious collegue who is watching the
screen could gain access to the users shell on the remote machine.

This problem has been fixed by the Security Team in version 2.0.6a-3.2
for the stable Debian GNU/Linux 2.2.

We recommend that you upgrade your gftp package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

  Source archives:

      
      MD5 checksum: 8eba39ab947712b46756b4e014b72e8c
      
      MD5 checksum: 5b0f8f6b09910a413981fc61fb6cf484
      
      MD5 checksum: 127b1caeacaf342a6f43cfc995b080d6

  Alpha architecture:

      
      MD5 checksum: 8df836bc91543dc8387a88e4dd8bbdff

  ARM architecture:

      
      MD5 checksum: 443740e7141814de14687e8209202275

  Intel ia32 architecture:

      
      MD5 checksum: 674adafc20770c71c53a8b44a4959a25

  Motorola 680x0 architecture:

      
      MD5 checksum: 301a2a4597e2d8b01e6ee2b273647632

  PowerPC architecture:

     
 
      MD5 checksum: d1a65f1efe034f9462bb7bff35d58d58

  Sun Sparc architecture:

      
      MD5 checksum: 630a9b18ff29b6a21778dd9dff9a7b9d


  These files will be moved into the stable distribution on its next
  revision.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: 'gftp' unauthorized information retrieval

October 19, 2001
Version 2.0.6a of gftp displays thepassword in plain text on the screen within the log window when it islogging into an ftp server.

Summary

Stephane Gaudreault told us that version 2.0.6a of gftp displays the
password in plain text on the screen within the log window when it is
logging into an ftp server. A malicious collegue who is watching the
screen could gain access to the users shell on the remote machine.

This problem has been fixed by the Security Team in version 2.0.6a-3.2
for the stable Debian GNU/Linux 2.2.

We recommend that you upgrade your gftp package.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

Source archives:


MD5 checksum: 8eba39ab947712b46756b4e014b72e8c

MD5 checksum: 5b...

Read the Full Advisory

Severity
Package : gftp

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved