wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
| Software | From | Fixed in |
|---|---|---|
| university_of_washington / wu-ftpd | 2.6.0 | 2.6.0.x |
| millenux_gmbh / anonftp | 2.8.1 | 2.8.1.x |
| university_of_washington / wu-ftpd | 2.4.2 | 2.4.2.x |
| university_of_washington / wu-ftpd | 2.5.0 | 2.5.0.x |
| redhat / linux | 6.1 | 6.1.x |
| redhat / linux | 5.2 | 5.2.x |
| redhat / linux | 6.0 | 6.0.x |