tnftp is vulnerable to remote code execution if output file is not specified.
Package | net-ftp/tnftp on all architectures |
---|---|
Affected versions | < 20141104 |
Unaffected versions | >= 20141104 |
tnftp is a NetBSD FTP client with several advanced features.
The fetch_url function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a
A remote attacker could possibly execute arbitrary code with the privileges of the process.
There is no known workaround at this time.
All tnftp users should upgrade to the latest version:
# emerge --sync # emerge --ask --verbose --oneshot ">=net-ftp/tnftp-20141104"
Release date
November 15, 2016
Latest revision
November 15, 2016: 1
Severity
normal
Exploitable
remote
Bugzilla entries