Security 10799 Published by

Red Hat has released a kerberos security update for Red Hat Linux 6.2 - 8.0



A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client.
Read more