CVE-2004-0159

Name of the Vulnerable Software and Affected Versions hsftp version 1.11

Description The issue allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. Multiple vulnerabilities in the hsftp package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For hsftp version 1.11, consider restricting access to the "ls" command until a patch is available to prevent potential exploitation. As a temporary workaround, avoid using file names that contain format string characters to minimize the risk of denial of service or arbitrary code execution.