IBM AIX FTP Client Pipe Character Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
Patch / RCS
Solaris contains a flaw related to the FTP client. The issue is triggered when a remote attacker uploads a file that starts with the '|' (pipe) character, which will cause the contents of the file to be executed as a shell script.
Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by removing the SUID bit from the 'ftp' binary, but note that this will cause the FTP client to not function properly.
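The following shell functions are an added example, not part of the original advisory: one lists names beginning with '|' in a directory such as an FTP upload area, the other reports and optionally clears the SUID bit named in the workaround. The function names and the paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example: helper names and any paths passed in are assumptions,
# not values taken from the advisory.

# Print every entry in directory $1 whose name begins with '|'.
# Returns 0 if at least one such name was found, 1 otherwise.
find_pipe_names() {
    dir=$1
    found=1
    for entry in "$dir"/\|*; do
        # An unmatched glob stays literal; skip it unless it really exists.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        printf '%s\n' "${entry##*/}"
        found=0
    done
    return "$found"
}

# Report whether the binary at $1 carries the set-user-ID bit.
# With "fix" as $2, clear the bit (the workaround described above).
# Echoes one of: missing | clean | suid | cleared
check_suid() {
    bin=$1
    action=${2:-report}
    if [ ! -f "$bin" ]; then
        echo missing
    elif [ ! -u "$bin" ]; then
        echo clean
    elif [ "$action" = fix ]; then
        chmod u-s "$bin" && echo cleared
    else
        echo suid
    fi
}
```

Call `check_suid` with the path of the local 'ftp' binary and `find_pipe_names` with the directory to inspect; both only print their findings unless `fix` is given.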