PT-1999-1654 · Ncftp · Ncftp

Published: 1999-12-31 · Updated: 2016-10-18 · CVE-1999-1333

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ncftp versions 2.4.2 and earlier
Description: The issue concerns the automatic download option in the ncftp FTP client, which allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
Recommendations: For ncftp version 2.4.2 and earlier, consider disabling the automatic download option to prevent exploitation until a patch is available. Restrict access to the FTP client to minimize the risk of exploitation. Avoid using the automatic download feature for files from untrusted sources.
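
Example (added here, not ncftp code and not from the vendor): one way a client can refuse server-supplied file names containing shell metacharacters before any name reaches a shell. The function names, the allowlist, the 255-byte limit and the sample listing are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allowlist check for a file name received from an FTP server.
 * Only letters, digits, '.', '_', '-' and '+' pass; shell metacharacters,
 * whitespace, quotes, '/' and control bytes are all rejected. */
int remote_name_is_safe(const char *name)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789._-+";
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 255)              /* assumed length limit */
        return 0;
    if (name[0] == '-' || name[0] == '.')   /* option-like or dot-leading names */
        return 0;
    /* strspn() gives the length of the leading run of allowed bytes */
    return strspn(name, allowed) == len;
}

/* Constructed sample listing: two ordinary names, seven that must be refused. */
static const char *const sample_listing[] = {
    "README", "ncftp-2.4.2.tar.gz", "a;b", "a|b", "$(x).txt",
    "`x`", "-rf", "../etc", "two words.txt"
};

/* Count how many names in a listing would be refused. */
size_t count_rejected(const char *const *names, size_t n)
{
    size_t i, rejected = 0;
    for (i = 0; i < n; i++)
        if (!remote_name_is_safe(names[i]))
            rejected++;
    return rejected;
}

int main(void)
{
    size_t n = sizeof sample_listing / sizeof sample_listing[0];
    printf("rejected %zu of %zu names\n", count_rejected(sample_listing, n), n);
    return 0;
}
```

Rejected names should be skipped and logged rather than rewritten, and any helper program should receive the name as a separate argument rather than through a shell command string.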

Related Identifiers

CVE-1999-1333

Affected Products

Ncftp