VULHUB ™

A vulnerability has been reported for ncftpd. The problem occurs in the STAT function when used in conjuction with file globbing. This issue can be triggered by a malicious STAT request for a directory with a filename of excessive length. The problem is due to filename expansion which is due to special characters used during the request. It should be noted that this vulnerability has been reported to exist in version 2.7.1. The vendor has announced that nctpd is in fact not vulnerable to this issue. Symantec has been unable to reproduce this vulnerability.

A vulnerability has been reported for ncftpd. The problem occurs in the STAT function when used in conjuction with file globbing. This issue can be triggered by a malicious STAT request for a directory with a filename of excessive length. The problem is due to filename expansion which is due to special characters used during the request. It should be noted that this vulnerability has been reported to exist in version 2.7.1. The vendor has announced that nctpd is in fact not vulnerable to this issue. Symantec has been unable to reproduce this vulnerability.