The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5, allows remote malicious users to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

Vulnerable Product |
---|
apple mac os x 10.10.1 |
apple mac os x 10.10.0 |
apple mac os x 10.9.5 |
apple mac os x 10.8.5 |
netbsd netbsd 5.1.3 |
netbsd netbsd 5.1.4 |
netbsd netbsd 5.2 |
netbsd netbsd 6.0.4 |
netbsd netbsd 6.0.5 |
netbsd netbsd 6.1.5 |
netbsd netbsd 5.1 |
netbsd netbsd 6.0 |
netbsd netbsd 6.0.1 |
netbsd netbsd 6.1.1 |
netbsd netbsd 6.1.2 |
netbsd netbsd 5.2.1 |
netbsd netbsd 5.2.2 |
netbsd netbsd 6.0.6 |
netbsd netbsd 6.1 |
netbsd netbsd 5.1.1 |
netbsd netbsd 5.1.2 |
netbsd netbsd 6.0.2 |
netbsd netbsd 6.0.3 |
netbsd netbsd 6.1.3 |
netbsd netbsd 6.1.4 |

Linux bods thankful, Apple a stone-cold boilerplate
The maintainer of the tnftp FTP client has patched a remote code execution vulnerability which affected operating systems including NetBSD, FreeBSD and Mac OS X. The flaw (CVE-2014-8517), which did not affect OpenBSD due to modifications, was patched over the weekend. Maintainer Luke Mewburn notified NetBSD (which ships tnftp) of the patch in a mailing list post after warning subscribers about the hole last week. NetBSD security bod Alistair Crook forewarned FreeBSD and Dragonfly, and received a...