FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f92e1bbc-5e18-11d9-839a-0050da134090tnftp -- mget does not check for directory escapes

When downloading a batch of files from an FTP server the mget command does not check for directory escapes. A specially crafted file on the FTP server could then potentially overwrite an existing file of the user.


Discovery 2004-12-15
Entry 2005-01-07
Modified 2005-01-13
tnftp
< 20050103

CVE-2004-1294
http://tigger.uic.edu/~jlongs2/holes/tnftp.txt
http://cvsweb.netbsd.org/bsdweb.cgi/othersrc/usr.bin/tnftp/src/cmds.c?rev=1.1.1.3&content-type=text/x-cvsweb-markup
http://it.slashdot.org/article.pl?sid=04/12/15/2113202
http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132