NcFTP automatic download option could allow arbitrary command execution
| ncftp-autodownload-command-execution (7240) |  Medium Risk |
Description:
NcFTP client could allow a remote attacker to execute arbitrary commands on the server, caused by a vulnerability in the automatic download option. A remote attacker could create files with filenames containing shell metacharacters, which would be executed once downloaded by NcFTP's automatic download function.
Platforms Affected:
- NcFTP, NcFTP Client 2.4.2
- RedHat, Linux 5.0
Remedy:
For Red Hat Linux 5.0:
Upgrade to the latest version of NcFTP (2.4.3-1or later), as listed in Red Hat Linux 5.0 General Errata. See References.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, Thu, 19 Mar 1998 18:49:46 +0100, ncftp 2.4.2 MkDirs bug at http://archives.neohapsis.com/archives/bugtraq/1998_1/0444.html.
- Red Hat Linux 5.0 General Errata, ncftp at http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp.
- CVE-1999-1333: automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
- OSVDB ID: 6111: NcFTP Shell Metacharacter Command Execution
Reported:
Mar 19, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net