Description
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Affected products
- mandrakesoft / mandrake_linux9.0 – 9.0
- mandrakesoft / mandrake_linux8.2 – 8.2
- mandrakesoft / mandrake_linux8.1 – 8.1
- mandrakesoft / mandrake_multi_network_firewall8.2 – 8.2
- MIT / kerberos_ftp_client
- RedHat / linux7.3 – 7.3
- RedHat / linux8.0 – 8.0
- RedHat / linux7.2 – 7.2
- RedHat / linux7.1 – 7.1
- RedHat / linux7.0 – 7.0
- RedHat / linux6.2 – 6.2
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/8114
- VENDOR_ADVISORYhttp://secunia.com/advisories/7979
- MISChttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
- MISChttp://www.redhat.com/support/errata/RHSA-2003-020.html
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2003:021