CVE-2008-4247

2008-09-2519:25:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.5%

JSON

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux-ftpd< 0.17-29linux-ftpd_0.17-29_all.deb
Debian11alllinux-ftpd< 0.17-29linux-ftpd_0.17-29_all.deb
Debian12alllinux-ftpd-ssl< 0.17.27+0.3-3linux-ftpd-ssl_0.17.27+0.3-3_all.deb
Debian11alllinux-ftpd-ssl< 0.17.27+0.3-3linux-ftpd-ssl_0.17.27+0.3-3_all.deb
Debian999alllinux-ftpd-ssl< 0.17.27+0.3-3linux-ftpd-ssl_0.17.27+0.3-3_all.deb
Debian13alllinux-ftpd-ssl< 0.17.27+0.3-3linux-ftpd-ssl_0.17.27+0.3-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux-ftpd	< 0.17-29	linux-ftpd_0.17-29_all.deb
Debian	11	all	linux-ftpd	< 0.17-29	linux-ftpd_0.17-29_all.deb
Debian	12	all	linux-ftpd-ssl	< 0.17.27+0.3-3	linux-ftpd-ssl_0.17.27+0.3-3_all.deb
Debian	11	all	linux-ftpd-ssl	< 0.17.27+0.3-3	linux-ftpd-ssl_0.17.27+0.3-3_all.deb
Debian	999	all	linux-ftpd-ssl	< 0.17.27+0.3-3	linux-ftpd-ssl_0.17.27+0.3-3_all.deb
Debian	13	all	linux-ftpd-ssl	< 0.17.27+0.3-3	linux-ftpd-ssl_0.17.27+0.3-3_all.deb