Red Hat Bugzilla – Bug 1610349
CVE-2018-10916 lftp: particular remote file names may lead to current working directory erased
Last modified: 2018-08-02 10:56:34 EDT
Improperly sanitized remote file names in lftp, up to version 4.8.3, may lead to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim' system.