CVE-2003-0041

CWE-78 — OS Command Injection6 documents6 sources

Severity

10.0CRITICAL

EPSS

1.2%

top 20.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Multi Network Firewall Redhat Linux

Timeline

PublishedFeb 19

Latest updateApr 29

Description

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDredhat/linux6 versions+5

▶NVDmandrakesoft/mandrake_linux8.1, 8.2, 9.0+2

▶NVDmandrakesoft/mandrake_multi_network_firewall8.2

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wgq-vhc2-3cqc: Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client↗2022-04-29

▶

CVEList

CVE-2003-0041: Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client↗2003-02-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-01-31

▶

Debian

CVE-2003-0041: krb5 - Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe...↗2003

▶

💬Community

Bugzilla

CVE-2003-0041 security flaw↗2018-08-16

▶