Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)
Critical Nessus Plugin ID 14006
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client.
SolutionUpdate the affected packages.