ftp "get" and "mget" commands treat "-" and "|foo..." specially. If get
is given only one argument, or if mget is used, and if the server
filename is "-" or starts with "|", the results will probably not be
what was intended.
Cf. CERT VU 258721, http://www.kb.cert.org/vuls/id/258721 .
Version 1.2.7 is vulnerable. Patch recommended for 1.2.7, as well as
fixing for 1.3.
is given only one argument, or if mget is used, and if the server
filename is "-" or starts with "|", the results will probably not be
what was intended.
Cf. CERT VU 258721, http://www.kb.cert.org/vuls/id/258721 .
Version 1.2.7 is vulnerable. Patch recommended for 1.2.7, as well as
fixing for 1.3.