Mac OS X CFNetwork ftp: URI Arbitrary FTP Command Execution

2007-07-31T17:53:25
ID OSVDB:36975
Type osvdb
Reporter OSVDB
Modified 2007-07-31T17:53:25

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a context-dependent attacker to execute arbitrary FTP commands as the logged-in user. The issue is triggered when a user clicks on a maliciously crafted FTP URI. The flaw may allow execution of commands on servers available to the logged-in user, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X 10.3 - 10.4.10 CFNetwork ftp: URI Arbitrary FTP Command Execution

References:

Vendor Specific Advisory URL
Security Tracker: 1018491
Secunia Advisory ID: 26235
Related OSVDB ID: 36965
Related OSVDB ID: 36971
Related OSVDB ID: 36973
Related OSVDB ID: 36974
Related OSVDB ID: 36967
Related OSVDB ID: 36963
Related OSVDB ID: 36964
Related OSVDB ID: 36966
Related OSVDB ID: 36968
Related OSVDB ID: 36972
Related OSVDB ID: 36969
Related OSVDB ID: 36970
Mail List Post: http://lists.apple.com/archives/security-announce/2007/Jul/msg00004.html
ISS X-Force ID: 35721
FrSIRT Advisory: ADV-2007-2732
CVE-2007-2403
Bugtraq ID: 25159