| VID | 16025 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | ncftp version 2.4.2 is running on the corresponding system. This version has an automatic download function (get -R) that works on all directories, and it creates the directories during the download by using the system() call. In certain cases, when the directory depth is deep, this makes it possible for a command to be executed, causing an unexpected result on the corresponding server. References: http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp |
| Recommendation | Install a version in which the system() call has been replaced with the mkdir() function. Download the latest version from the /pub/ncftp directory at ftp://ftp.ncftp.com and install it. |
| Related URL | CVE-1999-1333 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 7240 (ISS) |