USN-6037-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6037-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6037-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6037-1

Related

Published

2023-04-28T10:19:40.612799Z

Modified

2023-04-28T10:19:40.612799Z

Summary

Apache Commons Net vulnerability

Details

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private network of the client.

References

Affected packages

Ubuntu:Pro:16.04:LTS / libcommons-net-java

Package

Name: libcommons-net-java
Purl: pkg:deb/ubuntu/libcommons-net-java?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4-2ubuntu2+esm1

Affected versions

3.*

3.3-2

3.4-1

3.4-2

3.4-2ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.4-2ubuntu2+esm1",
            "binary_name": "libcommons-net-java"
        },
        {
            "binary_version": "3.4-2ubuntu2+esm1",
            "binary_name": "libcommons-net-java-doc"
        }
    ]
}

Ubuntu:18.04:LTS / libcommons-net-java

Package

Name: libcommons-net-java
Purl: pkg:deb/ubuntu/libcommons-net-java?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6-1+deb11u1build0.18.04.1

Affected versions

3.*

3.6-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.6-1+deb11u1build0.18.04.1",
            "binary_name": "libcommons-net-java"
        },
        {
            "binary_version": "3.6-1+deb11u1build0.18.04.1",
            "binary_name": "libcommons-net-java-doc"
        }
    ]
}

Ubuntu:20.04:LTS / libcommons-net-java

Package

Name: libcommons-net-java
Purl: pkg:deb/ubuntu/libcommons-net-java?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6-1+deb11u1build0.20.04.1

Affected versions

3.*

3.6-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.6-1+deb11u1build0.20.04.1",
            "binary_name": "libcommons-net-java"
        },
        {
            "binary_version": "3.6-1+deb11u1build0.20.04.1",
            "binary_name": "libcommons-net-java-doc"
        }
    ]
}

Ubuntu:22.04:LTS / libcommons-net-java

Package

Name: libcommons-net-java
Purl: pkg:deb/ubuntu/libcommons-net-java?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6-1+deb11u1build0.22.04.1

Affected versions

3.*

3.6-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.6-1+deb11u1build0.22.04.1",
            "binary_name": "libcommons-net-java"
        },
        {
            "binary_version": "3.6-1+deb11u1build0.22.04.1",
            "binary_name": "libcommons-net-java-doc"
        }
    ]
}