wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_washington | wu-ftpd | 2.5.0 |
| millenux_gmbh | anonftp | 2.8.1 |
| university_of_washington | wu-ftpd | 2.4.2 |
| redhat | linux | 5.2 |
| redhat | linux | 6.1 |
| redhat | linux | 6.0 |
| university_of_washington | wu-ftpd | 2.6.0 |