CVE-2014-8517

Severity: high

Description

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

References

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html

http://seclists.org/oss-sec/2014/q4/459

http://seclists.org/oss-sec/2014/q4/464

http://secunia.com/advisories/62028

http://secunia.com/advisories/62260

http://support.apple.com/HT204244

https://security.gentoo.org/glsa/201611-05

https://www.exploit-db.com/exploits/43112/

Details

Source: MITRE

Published: 2014-11-17

Updated: 2017-11-06

Type: CWE-77

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins (6 total)

ID     Name                                                                                                      Product  Family                          Severity
94889  GLSA-201611-05 : tnftp: Arbitrary code execution                                                          Nessus   Gentoo Local Security Checks    high
92913  FreeBSD : FreeBSD -- Remote command execution in ftp(1) (7488378d-6007-11e6-a6c3-14dae9d210b8)            Nessus   FreeBSD Local Security Checks   high
81088  Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)                                     Nessus   MacOS X Local Security Checks   critical
81087  Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)                                              Nessus   MacOS X Local Security Checks   critical
79196  Fedora 20 : tnftp-20141031-1.fc20 (2014-14113)                                                            Nessus   Fedora Local Security Checks    high
79105  openSUSE Security Update : tnftp (openSUSE-SU-2014:1383-1)                                                Nessus   SuSE Local Security Checks      high