On Thu, Jan 15, 2004 at 10:27:27AM +0000, Sergio Dominguez wrote: > http://www.web-hack.ru/exploit/exploit.php?go=126
1. The bug was fixed in 2.6.10
2. To be exploited, lftp should be directed to a malicious http server and
ls command should be executed.
lftp> open http://www.bad-server.com/; ls
There was an announce on security lists some time ago.
--
Alexander.
