COMMAND

	frox buffer overflow

SYSTEMS AFFECTED

	frox 0.6.x

PROBLEM

	On frox@hollo.org dev list :
	

	There is an error in calculating the necessary size for  a  buffer  into
	which cache file header information is written when frox is caching  ftp
	retrievals. This buffer is written into with sprintf, and  may  overflow
	if a hostile ftp server returns a  long  string  in  reply  to  an  MDTM
	request when retrieving a file with a long pathname.  This  could  allow
	arbitrary code to be executed as the user under which  frox  is  running
	(normally not root). There is not currently any known exploit  code  for
	this vulnerability.
	

	An installation is vulnerable if  it  is  running  frox  versions  0.6.0
	through 0.6.6, it has the local caching method selected  in  the  config
	file, and clients make an anonymous ftp  connection  to  a  hostile  ftp
	server and attempt to download a file with a long pathname.
	

	The  vulnerability  only  exists  if  local  caching  is  enabled   (ie.
	\"CacheModule Local\" is set in the config file),  and  commenting  this
	out provides a temporary workaround.

SOLUTION

	Update from :
	 

	http://frox.sourceforge.net/

	http://www.hollo.org/frox