CVE-2003-0041
MIT Kerberos FTP Client - OS Command Injection via Filename Pipe Character
Title source: llmDescription
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
References (5)
Core 5
Core References
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/8114
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/7979
Broken Link mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html
Broken Link, Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-020.html
Third Party Advisory vendor-advisory
x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:021
Scores
EPSS
0.0123
EPSS Percentile
79.4%
Details
CWE
CWE-78
Status
published
Products (11)
mandrakesoft/mandrake_linux
8.1
mandrakesoft/mandrake_linux
8.2
mandrakesoft/mandrake_linux
9.0
mandrakesoft/mandrake_multi_network_firewall
8.2
mit/kerberos_ftp_client
redhat/linux
6.2
redhat/linux
7.0
redhat/linux
7.1
redhat/linux
7.2
redhat/linux
7.3
... and 1 more
Published
Feb 19, 2003
Tracked Since
Feb 18, 2026