Red Hat Bugzilla – Bug 82447
Security issue with krb5 ftp client
Last modified: 2007-11-30 17:06:52 EST
A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client. The Kerberos ftp client runs as the default ftp client when the Kerberos package krb5-workstation is installed on a Red Hat Linux Advanced Server distribution. This issue will become public on Jan24
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2003-021.html