var-201411-0457
Vulnerability from variot
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. tnftp is prone to a remote arbitrary command-execution. An attacker can exploit this issue to execute arbitrary commands in the context of the affected application. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation. The following versions are affected: NetBSD 5.1 to 5.1.4, 5.2 to 5.2.2, 6.0 to 6.0.6, 6.1 to 6.1.5.
Gentoo Linux Security Advisory GLSA 201611-05
https://security.gentoo.org/
Severity: Normal Title: tnftp: Arbitrary code execution Date: November 15, 2016 Bugs: #527302 ID: 201611-05
Synopsis
tnftp is vulnerable to remote code execution if output file is not specified.
Resolution
All tnftp users should upgrade to the latest version:
emerge --sync
emerge --ask --verbose --oneshot ">=net-ftp/tnftp-20141104"
References
[ 1 ] CVE-2014-8517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8517
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201611-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-14:26.ftp Security Advisory The FreeBSD Project
Topic: Remote command execution in ftp(1)
Category: core Module: ftp Announced: 2014-11-04 Credits: Jared McNeill, Alistair Crooks Affects: All supported versions of FreeBSD. Corrected: 2014-11-04 23:29:57 UTC (stable/10, 10.1-PRERELEASE) 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC4-p1) 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC3-p1) 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC2-p3) 2014-11-04 23:31:17 UTC (releng/10.0, 10.0-RELEASE-p12) 2014-11-04 23:30:47 UTC (stable/9, 9.3-STABLE) 2014-11-04 23:33:46 UTC (releng/9.3, 9.3-RELEASE-p5) 2014-11-04 23:33:17 UTC (releng/9.2, 9.2-RELEASE-p15) 2014-11-04 23:32:45 UTC (releng/9.1, 9.1-RELEASE-p22) 2014-11-04 23:30:23 UTC (stable/8, 8.4-STABLE) 2014-11-04 23:32:15 UTC (releng/8.4, 8.4-RELEASE-p19) CVE Name: CVE-2014-8517
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
The ftp(1) userland utility is an interactive FTP client. It can also be used non-interactively, by providing a URL on the command line. In this mode, it supports HTTP in addition to FTP.
II.
III. Impact
When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified.
IV. Workaround
No workaround is available. Users are encouraged to replace ftp(1) in non-interactive use by either fetch(1) or a third-party client such as curl or wget.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8]
fetch http://security.FreeBSD.org/patches/SA-14:26/ftp-8.patch
fetch http://security.FreeBSD.org/patches/SA-14:26/ftp-8.patch.asc
gpg --verify ftp-8.patch.asc
[All other versions]
fetch http://security.FreeBSD.org/patches/SA-14:26/ftp.patch
fetch http://security.FreeBSD.org/patches/SA-14:26/ftp.patch.asc
gpg --verify ftp.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile ftp. Execute the following commands as root:
cd /usr/src/usr.bin/ftp
make && make install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r274108 releng/8.4/ r274111 stable/9/ r274109 releng/9.1/ r274112 releng/9.2/ r274113 releng/9.3/ r274114 stable/10/ r274107 releng/10.0/ r274110 releng/10.1/ r274115
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUWWUQAAoJEO1n7NZdz2rnhUwP+wQKrgKs6lRk6Yl4UtRyEwyG BHGkA62oaQbehuccahjQgIcLTk3Vp3AalXtSQpdyWJktHiYrFwBnheW/IrhJ6bMS dpJv3yqqQtSED9sADf+GAvxV6TG9bknq/RDxXKpsQ/MocYbiVxz/3nDOMz9CB7ep saDttvGHW7RUmNoKL70pgItGapiVuBzMF01PCZ2SmFiJHYi7BoiJwm72Y1NLU8YE TkiX2ZAoTVMN5/R3DW38HyVCyeY2tMTHSdQXRSYjwzJ0gEbBPWMPQyB1SAa8dtk5 j54KFNOBoaXMjd3USqFgo0fduU3rGZp5PwITTx5Rx5Ixtz2vHddyOISV0RcjA0cq TWDwBGlKET7qZ1j7nHTgy4U4wMTWFbkjjqEY+RHYywaAmy8ACDmEUci8d3fWKWVY d4y8RCvBrlnFVjmNiNcBc5XFXxY0Ra3BQ8C/VE0k0ZFuzmFUCi+DJZDR2Gtl0R9Q 1hAdj+yOJo46ylHPiSyoBZmsRZccV1a81phOPe0mPR84BvzNvBsdI+EFIJWi+5bw bjuSM8YCOHrlGkqh9h9+BizvLfJFpjUSglwzPmOfRpTv59XJpc6D1Hia+uICTEfd lSiJgDZ6enozY7QVoiO7G/ycyQCVe7Ehwywx/dpWXVpva85tn4Xl2khBCiPNbBBo xnPjqxmwGK+4uegsO6CY =QT3h -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.8,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.0.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.1.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.1.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.1.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.0.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.0.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.1.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.1.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.6,
"vendor": "netbsd",
"version": "6.0.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "5.1 to 5.1.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "5.2 to 5.2.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "6.0 to 6.0.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "6.1 to 6.1.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10"
},
{
"model": "rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.2"
},
{
"model": "10.0-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-prerelease",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-beta",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-rc4-p1",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p15",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.3"
},
{
"model": "8.4-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.2"
},
{
"model": "9.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "9.1-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "9.3-rc",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-beta1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p13",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p20",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p17",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "9.1-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p19",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "10.0"
},
{
"model": "10.1-rc3-p1",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p12",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-rc2-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "9.1-release-p14",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-beta1-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p16",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p19",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "release-p4",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "10.1-rc2-p3",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p13",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-release-p8",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "9.3-rc1-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-beta1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p18",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.2"
},
{
"model": "10.0-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "9.2-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p17",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1--releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "10.1"
},
{
"model": "9.1-release-p22",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p16",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-beta3-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "9.2-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-beta1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tnftp",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "0"
},
{
"model": "9.1-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p15",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-beta1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.3-release-p5",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p15",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-rc1-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p14",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.2-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "8.4"
},
{
"model": "10.0-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "8.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.1-beta3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "70792"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netbsd:netbsd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jared Mcneill",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
}
],
"trust": 0.6
},
"cve": "CVE-2014-8517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8517",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76462",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8517",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1416",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76462",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76462"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. tnftp is prone to a remote arbitrary command-execution. \nAn attacker can exploit this issue to execute arbitrary commands in the context of the affected application. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation. The following versions are affected: NetBSD 5.1 to 5.1.4, 5.2 to 5.2.2, 6.0 to 6.0.6, 6.1 to 6.1.5. \n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201611-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: tnftp: Arbitrary code execution\n Date: November 15, 2016\n Bugs: #527302\n ID: 201611-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\ntnftp is vulnerable to remote code execution if output file is not\nspecified. \n\nResolution\n==========\n\nAll tnftp users should upgrade to the latest version:\n\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --verbose --oneshot \"\u003e=net-ftp/tnftp-20141104\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8517\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:26.ftp Security Advisory\n The FreeBSD Project\n\nTopic: Remote command execution in ftp(1)\n\nCategory: core\nModule: ftp\nAnnounced: 2014-11-04\nCredits: Jared McNeill, Alistair Crooks\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-11-04 23:29:57 UTC (stable/10, 10.1-PRERELEASE)\n 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC4-p1)\n 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC3-p1)\n 2014-11-04 23:34:46 UTC (releng/10.1, 10.1-RC2-p3)\n 2014-11-04 23:31:17 UTC (releng/10.0, 10.0-RELEASE-p12)\n 2014-11-04 23:30:47 UTC (stable/9, 9.3-STABLE)\n 2014-11-04 23:33:46 UTC (releng/9.3, 9.3-RELEASE-p5)\n 2014-11-04 23:33:17 UTC (releng/9.2, 9.2-RELEASE-p15)\n 2014-11-04 23:32:45 UTC (releng/9.1, 9.1-RELEASE-p22)\n 2014-11-04 23:30:23 UTC (stable/8, 8.4-STABLE)\n 2014-11-04 23:32:15 UTC (releng/8.4, 8.4-RELEASE-p19)\nCVE Name: CVE-2014-8517\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nThe ftp(1) userland utility is an interactive FTP client. It can also\nbe used non-interactively, by providing a URL on the command line. In\nthis mode, it supports HTTP in addition to FTP. \n\nII. \n\nIII. Impact\n\nWhen operating on HTTP URIs, the ftp(1) client follows HTTP redirects,\nand uses the part of the path after the last \u0027/\u0027 from the last\nresource it accesses as the output filename if \u0027-o\u0027 is not specified. \n\nIV. Workaround\n\nNo workaround is available. Users are encouraged to replace ftp(1) in\nnon-interactive use by either fetch(1) or a third-party client such as\ncurl or wget. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8]\n# fetch http://security.FreeBSD.org/patches/SA-14:26/ftp-8.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:26/ftp-8.patch.asc\n# gpg --verify ftp-8.patch.asc\n\n[All other versions]\n# fetch http://security.FreeBSD.org/patches/SA-14:26/ftp.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:26/ftp.patch.asc\n# gpg --verify ftp.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile ftp. Execute the following commands as root:\n\n# cd /usr/src/usr.bin/ftp\n# make \u0026\u0026 make install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r274108\nreleng/8.4/ r274111\nstable/9/ r274109\nreleng/9.1/ r274112\nreleng/9.2/ r274113\nreleng/9.3/ r274114\nstable/10/ r274107\nreleng/10.0/ r274110\nreleng/10.1/ r274115\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:26.ftpd.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQIcBAEBCgAGBQJUWWUQAAoJEO1n7NZdz2rnhUwP+wQKrgKs6lRk6Yl4UtRyEwyG\nBHGkA62oaQbehuccahjQgIcLTk3Vp3AalXtSQpdyWJktHiYrFwBnheW/IrhJ6bMS\ndpJv3yqqQtSED9sADf+GAvxV6TG9bknq/RDxXKpsQ/MocYbiVxz/3nDOMz9CB7ep\nsaDttvGHW7RUmNoKL70pgItGapiVuBzMF01PCZ2SmFiJHYi7BoiJwm72Y1NLU8YE\nTkiX2ZAoTVMN5/R3DW38HyVCyeY2tMTHSdQXRSYjwzJ0gEbBPWMPQyB1SAa8dtk5\nj54KFNOBoaXMjd3USqFgo0fduU3rGZp5PwITTx5Rx5Ixtz2vHddyOISV0RcjA0cq\nTWDwBGlKET7qZ1j7nHTgy4U4wMTWFbkjjqEY+RHYywaAmy8ACDmEUci8d3fWKWVY\nd4y8RCvBrlnFVjmNiNcBc5XFXxY0Ra3BQ8C/VE0k0ZFuzmFUCi+DJZDR2Gtl0R9Q\n1hAdj+yOJo46ylHPiSyoBZmsRZccV1a81phOPe0mPR84BvzNvBsdI+EFIJWi+5bw\nbjuSM8YCOHrlGkqh9h9+BizvLfJFpjUSglwzPmOfRpTv59XJpc6D1Hia+uICTEfd\nlSiJgDZ6enozY7QVoiO7G/ycyQCVe7Ehwywx/dpWXVpva85tn4Xl2khBCiPNbBBo\nxnPjqxmwGK+4uegsO6CY\n=QT3h\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8517"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "BID",
"id": "70792"
},
{
"db": "VULHUB",
"id": "VHN-76462"
},
{
"db": "PACKETSTORM",
"id": "139730"
},
{
"db": "PACKETSTORM",
"id": "128981"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-76462",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76462"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8517",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "62260",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "62028",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "43112",
"trust": 1.1
},
{
"db": "BID",
"id": "70792",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU96447236",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "61491",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "61967",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "28234",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "128981",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "139730",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "35427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144874",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76462",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76462"
},
{
"db": "BID",
"id": "70792"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "PACKETSTORM",
"id": "139730"
},
{
"db": "PACKETSTORM",
"id": "128981"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"id": "VAR-201411-0457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76462"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:24:55.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-01-27-4",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"title": "HT204244",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204244"
},
{
"title": "HT204244",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204244"
},
{
"title": "NetBSD-SA2014-013",
"trust": 0.8,
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc"
},
{
"title": "NetBSD-5.1.5-acorn26",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54629"
},
{
"title": "NetBSD-5.2.3-acorn26",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54630"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76462"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://seclists.org/oss-sec/2014/q4/459"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2014/q4/464"
},
{
"trust": 1.7,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-013.txt.asc"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62028"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62260"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201611-05"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/ht204244"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/43112/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8517"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96447236/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8517"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/61491"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/61967"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70792"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/28234"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/nov/19"
},
{
"trust": 0.3,
"url": "http://www.netbsd.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8517"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8517"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:26/ftp.patch"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:26/ftp-8.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-14:26.ftpd.asc\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:26/ftp.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:26/ftp-8.patch"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8517\u003e"
},
{
"trust": 0.1,
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76462"
},
{
"db": "BID",
"id": "70792"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "PACKETSTORM",
"id": "139730"
},
{
"db": "PACKETSTORM",
"id": "128981"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76462"
},
{
"db": "BID",
"id": "70792"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"db": "PACKETSTORM",
"id": "139730"
},
{
"db": "PACKETSTORM",
"id": "128981"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-76462"
},
{
"date": "2014-10-26T00:00:00",
"db": "BID",
"id": "70792"
},
{
"date": "2014-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"date": "2016-11-15T16:47:48",
"db": "PACKETSTORM",
"id": "139730"
},
{
"date": "2014-11-05T17:15:51",
"db": "PACKETSTORM",
"id": "128981"
},
{
"date": "2014-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"date": "2014-11-17T16:59:05.213000",
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76462"
},
{
"date": "2015-04-13T21:21:00",
"db": "BID",
"id": "70792"
},
{
"date": "2015-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005490"
},
{
"date": "2014-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1416"
},
{
"date": "2017-11-06T02:29:00.227000",
"db": "NVD",
"id": "CVE-2014-8517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139730"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetBSD Used in tnftp of usr.bin/ftp/fetch.c Inside fetch_url Arbitrary command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1416"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.