Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1333

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-1999-1333
Last Modified 05 Sep 2008 04:19:16
Published 31 Dec 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1333

Summary

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.

Vulnerable Systems

Operating System

  • Redhat Linux 5.0


References

BUGTRAQ - 19980319 ncftp 2.4.2 MkDirs bug

CONFIRM - http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp

OSVDB - 6111

XF - ncftp-autodownload-command-execution(7240)


Last Updated: 27 May 2016 10:35:23