|
|||
Rule General Information |
---|
Release Date: | 2015-10-08 | |
Rule Name: | Netbsd Tnftp Fetch.c Fetch_url Command Execution Vulnerability -3 (CVE-2014-8517) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | |
Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
Affected OS: | FreeBSD, Mac OS | |
Reference: | ExploitDB:43112 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:26.ftp.asc http://seclists.org/oss-sec/2014/q4/459 |