Launchpad.net

CVE 2007-3962

Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

Related bugs and status

CVE-2007-3962 (Candidate) is related to these bugs:

Bug #185040: [gftp] [CVE-2007-3961] [CVE-2007-3962] possible execution of arbitrary code or DoS

Summary				In	Importance	Status
	185040	[gftp] [CVE-2007-3961] [CVE-2007-3962] possible execution of arbitrary code or DoS		gftp (Ubuntu)	Low	Won't Fix
	185040	[gftp] [CVE-2007-3961] [CVE-2007-3962] possible execution of arbitrary code or DoS		gftp (Gentoo Linux)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 25034
SECUNIA: 26184
SECUNIA: 26378
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-01
SECUNIA: 27501
MANDRIVA: MDVSA-2008:018
OSVDB: 38569
OSVDB: 38570
MISC: http://fsp.cvs.sourcef...
MISC: http://fsp.cvs.sourcef...
CONFIRM: http://fsp.cvs.sourcef...