PT-1999-1654 · Ncftp · Ncftp

Published: 1999-12-31 · Updated: 2016-10-18 · CVE-1999-1333

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ncftp versions 2.4.2 and earlier
Description: The issue concerns the automatic download option in the ncftp FTP client, which allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
Recommendations: For ncftp version 2.4.2 and earlier, consider disabling the automatic download option to prevent exploitation until a patch is available. Restrict access to the FTP client to minimize the risk of exploitation. Avoid using the automatic download feature for files from untrusted sources.

Fix

Related identifiers

CVE-1999-1333

Affected products

Ncftp