|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-10-08 | |
| Rule Name: | Netbsd Tnftp Fetch.c Fetch_url Command Execution Vulnerability -3 (CVE-2014-8517) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | FreeBSD, Mac OS | |
| Reference: | ExploitDB:43112 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:26.ftp.asc http://seclists.org/oss-sec/2014/q4/459 |