Remote / Network Access,
Local / Remote,
Loss of Integrity
gFTP contains a flaw that may allow a remote attacker to execute arbitrary code on a gftp user's system. The issue is triggered when an untrusted value is passed to a printf() function in the facility used by its client program to log FTP and HTTP responses. It is possible that the flaw may allow a remote attacker using a remote FTP server to execute arbitrary code on a gftp user's system resulting in a loss of integrity.
Upgrade to version 2.0.8pre1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.