Kerberos Update for Red Hat
Posted on: 01/31/2003 11:52 AM

Red Hat has released a kerberos security update for Red Hat Linux 6.2 - 8.0

A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client.

Read more

Printed from Linux Compatible (