TITLE
ftp vulnerability with pipe symbols in filenames
/TITLE

SYNOPSIS
A compromised or malicious FTP server can use a filename containing a | (pipe symbol) to issue shell commands remotely on the machine of a user who is retrieving files with the FTP client program. This leads to a compromise of the client machine.
/SYNOPSIS

INCIDENTS
sr874929, fz527425, erg712227
/INCIDENTS

ACKNOWLEDGEMENTS
This vulnerability was first published in 1997 on Bugtraq, and was discovered again by The Hackademy Audit team in September 2002 during a source code audit.
/ACKNOWLEDGEMENTS

REFERENCES
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041
/REFERENCES

#
# The next three items can be thought of as an array of structures.
# The first element in each is the first structure, and so on.
#
PRODUCTS
unixware711
openunix800
unixware713
/PRODUCTS

PACKAGES
erg712227.pkg.Z
erg712227.pkg.Z
erg712227.pkg.Z
/PACKAGES

URL
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3
/URL