CVE-2004-1294

Name of the Vulnerable Software and Affected Versions: tnftp version 20030825

Description: The issue allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters, due to a problem in the mget function in cmds.c.

Recommendations: For tnftp version 20030825, consider restricting the use of the mget function until a patch is available to prevent remote FTP servers from overwriting arbitrary files.