CVE-2003-0041

Name of the Vulnerable Software and Affected Versions krb5-workstation versions 1.1.1 through 1.2.2 krb5-configs version 1.1.1 krb5-devel versions 1.1.1 through 1.2.2 krb5-server versions 1.1.1 through 1.2.2 krb5-libs version 1.1.1 krb5 version 1.1.1 through 1.2.2

Description The issue affects the Kerberos FTP client, allowing remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely.

Recommendations For krb5-workstation versions 1.1.1 through 1.2.2, update to a version that is not affected by this issue. For krb5-configs version 1.1.1, update to a version that is not affected by this issue. For krb5-devel versions 1.1.1 through 1.2.2, update to a version that is not affected by this issue. For krb5-server versions 1.1.1 through 1.2.2, update to a version that is not affected by this issue. For krb5-libs version 1.1.1, update to a version that is not affected by this issue. For krb5 versions 1.1.1 through 1.2.2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the use of the Kerberos FTP client until a patch is available. Avoid using the Kerberos FTP client to retrieve files from untrusted remote FTP sites.