Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDE9ECACEB-DB0D-11DD-AA56-000BCDF0A03B
HistoryDec 23, 2008 - 12:00 a.m.

FreeBSD -- Cross-site request forgery in ftpd(8)

2008-12-2300:00:00
vuxml.freebsd.org
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.5%

JSON

Problem Description:
The ftpd(8) server splits long commands into several
requests. This may result in the server executing a command
which is hidden inside another very long command.
Impact:
This could, with a specifically crafted command, be used in a
cross-site request forgery attack.
FreeBSD systems running ftpd(8) server could act as a point
of privilege escalation in an attack against users using web
browser to access trusted FTP sites.
Workaround:
No workaround is available, but systems not running FTP
servers are not vulnerable. Systems not running the FreeBSD
ftp(8) server are not affected, but users of other ftp
daemons are advised to take care since several other ftp
daemons are known to have related bugs.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd= 6.3UNKNOWN
FreeBSDanynoarchfreebsd< 6.3_7UNKNOWN

Related

securityvulns 5
cve 1
freebsd_advisory 2
nessus 3
prion 1
openvas 6
debiancve 1
freebsd 1
oracle 1
securityvulns
securityvulns
Multiple FTP servers unsafe fgets&#40;&#41; vulnerability
2009-01-11 00:00:00
FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd
2009-01-09 00:00:00
FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd
2009-01-11 00:00:00
cve
cve
CVE-2008-4247
2008-09-25 19:25:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:01.lukemftpd
2009-01-07 00:00:00
FreeBSD-SA-08:12.ftpd
2008-12-23 00:00:00
nessus
nessus
Solaris 10 (x86) : 140400-03
2018-03-12 00:00:00
Solaris 10 (sparc) : 140399-03
2018-03-12 00:00:00
FreeBSD : proftpd -- Long Command Processing Vulnerability (0f51f2c9-8956-11dd-a6fe-0030843d3802)
2008-09-23 00:00:00
prion
prion
Cross site request forgery (csrf)
2008-09-25 19:25:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-08:12.ftpd.asc)
2008-12-29 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-09:01.lukemftpd.asc)
2009-01-13 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-08:12.ftpd.asc)
2008-12-29 00:00:00
debiancve
debiancve
CVE-2008-4247
2008-09-25 19:25:00
freebsd
freebsd
proftpd -- Long Command Processing Vulnerability
2008-09-22 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.089 Low

EPSS

Percentile

94.5%

JSON
Related for E9ECACEB-DB0D-11DD-AA56-000BCDF0A03B
securityvulns5cve1freebsd_advisory2nessus3prion1openvas6debiancve1freebsd1oracle1