Problem Description:
A malicious HTTP server could cause ftp(1) to execute
arbitrary commands.
Impact:
When operating on HTTP URIs, the ftp(1) client follows
HTTP redirects, and uses the part of the path after the
last ‘/’ from the last resource it accesses as the output
filename if ‘-o’ is not specified.
If the output file name provided by the server begins
with a pipe (‘|’), the output is passed to popen(3), which
might be used to execute arbitrary commands on the ftp(1)
client machine.