GLSA Advocate
Posted: Tue Nov 15, 2016 7:26 am Post subject: [ GLSA 201611-05 ] tnftp
Gentoo Linux Security Advisory
Title: tnftp: Arbitrary code execution (GLSA 201611-05)
Severity: normal
Exploitable: remote
Date: November 15, 2016
Bug(s): #527302
ID: 201611-05
Synopsis
tnftp is vulnerable to remote code execution if an output file is not
specified.
Background
tnftp is a NetBSD FTP client with several advanced features.
Affected Packages
Package: net-ftp/tnftp
Vulnerable: < 20141104
Unaffected: >= 20141104
Architectures: All supported architectures
Description
The fetch_url function in usr.bin/ftp/fetch.c allows remote
attackers to execute arbitrary commands via a
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All tnftp users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --verbose --oneshot ">=net-ftp/tnftp-20141104"
References
CVE-2014-8517
Last edited by GLSA on Fri Nov 18, 2016 4:17 am; edited 1 time in total