RCE in Mandrakesoft Mandrake_linux

CVE-2003-0041

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.035 (87.8th percentile) — read the EPSS interpretation.

Affected products

Mandrakesoft Mandrake_linux — versions 8.1, 8.2, 9.0
Mandrakesoft Mandrake_multi_network_firewall — versions 8.2
Mit Kerberos_ftp_client
Redhat Linux — versions 6.2, 7.0, 7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
cve@mitre.org (mailing-list, x_refsource_VULNWATCH, Broken Link)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Patch, Broken Link, Vendor Advisory)
cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_MANDRAKE)