Kerberos Update for Red Hat
Posted on: 01/31/2003 12:52 PM

Red Hat has released a kerberos security update for Red Hat Linux 6.2 - 8.0

A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client.


Read more


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/kerberos_update_for_red_hat.html)