[原文]automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
NcFTP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to a flaw in the automatic download option. It is possible that the flaw may allow an remote attacker to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded, resulting in a loss of integrity
Upgrade to version 2.4.3-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.