CVE-2003-0041 : Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Published 2003-02-19 05:00:00

Updated 2024-02-02 15:13:40

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2003-0041

Mandrakesoft » Mandrake Linux » Version: 8.1
cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Linux » Version: 8.2
cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Linux » Version: 9.0
cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Multi Network Firewall » Version: 8.2
cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 6.2
cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 7.0
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 7.1
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 7.2
cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 7.3
cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Linux » Version: 8.0
cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
Matching versions
MIT » Kerberos Ftp Client
cpe:2.3:a:mit:kerberos_ftp_client:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.75%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

Jump to