Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多家厂商FTP"转换"功能远程执行命令漏洞
Vulnerability Description
一些FTP服务器提供一种"转换"功能,在把文件发送给用户之前,先把文件pipe给一个程序进行处理。 某些FTP服务器配置上存在漏洞,远程攻击者可以利用"转换"功能在服务器上执行任意命令。 FTP客户端请求获取一个文件名,其后跟随.tar/.tar.gz/.Z/.gz的时候,某些FTP Server会自动执行/bin/tar之类的程序去打包、压缩并下载给FTP客户端,这是通过管道实现的。而tar这样的命令有能力执行任意命令,入侵者通过请求一个特殊的文件名而使FTP Server启动远程shell。现在已知在
CVSS Information
N/A
Vulnerability Type
N/A