SECURITY INFO

Months after the security bug in fspd was found and fixed, the bug information (and a working exploit) was finally released to the public to motivate companies using insecure software to update. Here you can find some details.

fspd: Remotely exploitable buffer overflow and directory traversal bugs

  1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1022
  2. http://www.debian.org/security/2004/dsa-416
  3. http://xforce.iss.net/xforce/xfdb/14155
  4. http://xforce.iss.net/xforce/xfdb/14154
  5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0011

This security problem was fixed in FSP 2.8.1 Beta6 (2-Jun-2003). The claim in the linked reports that you need beta18 to fix this problem is wrong. The parties were contacted but, for unknown reasons, still refused to correct this.

Versions 2.8.1 Beta11-Beta13 have another minor security problem: CC_STAT can stat any file outside the FSP directory root. Exploiting this bug requires a modified fstatcmd and client library; it does not work with the stock distribution.

FSPLIB Buffer overflow

A buffer overflow in fsplib was found by David Binderman. Fixed in version 0.8. CVE-2006-7221

FSPLIB did not sufficiently check strings returned by the server. A server sending strings that are not \0-terminated (a violation of the FSP protocol) could cause the client to segfault and possibly execute injected code. Fixed in version 0.9. See also the Secunia.com advisory.
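
The class of check that the missing-terminator bug calls for, as an added example (this is not fsplib's code or its actual fix): a string field in a received payload is accepted only if its \0 lies inside the bytes actually received and the result fits the destination. The helper name `copy_wire_string`, the offset-based layout and the sample payloads are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payloads (not captured traffic). */
static const unsigned char SAMPLE_GOOD[8] = {'R','E','A','D','M','E',0,0};
static const unsigned char SAMPLE_BAD[8]  = {'A','A','A','A','A','A','A','A'};

/* Hypothetical helper, not part of fsplib's API: copy the string that starts
 * at offset `off` in a received payload `buf` of `buflen` bytes into `dst`
 * (capacity `dstcap`). Returns the string length, or -1 if the field is not
 * \0-terminated inside the payload or does not fit in `dst`. */
long copy_wire_string(const unsigned char *buf, size_t buflen, size_t off,
                      char *dst, size_t dstcap)
{
    const unsigned char *nul;
    size_t len;

    if (buf == NULL || dst == NULL || dstcap == 0 || off >= buflen)
        return -1;
    /* Look for the terminator only within the bytes that were received;
     * strlen()/strcpy() here would read past the end of the packet. */
    nul = memchr(buf + off, '\0', buflen - off);
    if (nul == NULL)
        return -1;                    /* protocol violation: no terminator */
    len = (size_t)(nul - (buf + off));
    if (len >= dstcap)
        return -1;                    /* would overflow the destination */
    memcpy(dst, buf + off, len + 1);  /* copy includes the terminator */
    return (long)len;
}

int main(void)
{
    char name[16];
    long n;

    n = copy_wire_string(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 0, name, sizeof name);
    printf("terminated field:   %ld (%s)\n", n, n >= 0 ? name : "rejected");
    n = copy_wire_string(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, name, sizeof name);
    printf("unterminated field: %ld (%s)\n", n, n >= 0 ? name : "rejected");
    return 0;
}
```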