FreeBSD Ports: tnftp

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades. http://tigger.uic.edu/~jlongs2/holes/tnftp.txt http://cvsweb.netbsd.org/bsdweb.cgi/othersrc/usr.bin/tnftp/src/cmds.c?rev=1.1.1.3&content-type=text/x-cvsweb-markup http://it.slashdot.org/article.pl?sid=04/12/15/2113202 http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132 http://www.vuxml.org/freebsd/f92e1bbc-5e18-11d9-839a-0050da134090.html
Insight
The following package is affected: tnftp CVE-2004-1294 The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.