Vulnerabilities

CVE-2007-2348

by Fred · 27/04/2007

mirror –script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

Date published : 2007-04-27

http://www.securityfocus.com/bid/23736

http://bugs.gentoo.org/show_bug.cgi?id=173524

Related

Tags: Cybersecurity Alert