gftp

From: Oscar Haeger (viggenat_private)
Date: Sun Sep 05 1999 - 02:29:15 PDT

Next message: Domas Mituzas: "[Sybase] software vendors do not think about old bugs"

Previous message: X-Force: "Updated Fix Information for Buffer Overflow in Netscape"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.
In gFTP1.13, an FTP-client that ships with RH6.0 the password is displayed in
plain text in the log window and is also saved in plain text if you choose to
save a logfile.
Granted this is not a really big deal but if you save your download-files (and
logfile) on a public area you would be giving away your password.
I have spoken with the author and he has some new versions out which he
recommends that you get and install.
http://gftp.seol.org/
Latest version is 2.0.4 but this particular bug was fixed in 2.0.0.

The reason why I send this to bugtraq is that this ftp-client is (one
of) the default ftp-clients in RH6.0 and if you don't know about it then perhaps
you won't go through the trouble of an upgrade.

//Oscar

Next message: Domas Mituzas: "[Sybase] software vendors do not think about old bugs"
Previous message: X-Force: "Updated Fix Information for Buffer Overflow in Netscape"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:50 PDT