CVE-2014-8517
tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side
Public Exploits: 3
Exploited in Wild: -
Descriptions
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
A malicious HTTP server could cause ftp(1) to execute arbitrary commands. When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified. If the output file name provided by the server begins with a pipe ('|'), the output is passed to popen(3), which might be used to execute arbitrary commands on the ftp(1) client machine.
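The trust boundary in the description above, as an added example (not code from tnftp or from the NetBSD patch): the same leading '|' is acceptable when the user typed it and must never select popen(3) when the name was derived from a server-supplied path. The function names, the enum values and the sample redirect path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Where the output name came from: the user's -o argument or the server's URL. */
enum name_origin { FROM_USER, FROM_SERVER };
/* How the caller may open the output. */
enum out_kind { OUT_FILE, OUT_PIPE, OUT_REJECT };

/* Part of the path after the last '/', as the description says ftp(1) uses. */
const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Hypothetical policy: only a name typed by the user may select popen(3). */
enum out_kind classify_output(const char *name, enum name_origin origin)
{
    if (name == NULL || name[0] == '\0')
        return OUT_REJECT;                 /* nothing usable after the last '/' */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return OUT_REJECT;                 /* not a regular file name */
    if (name[0] == '|' && origin == FROM_USER)
        return OUT_PIPE;                   /* explicit user request */
    return OUT_FILE;                       /* server names are only ever files */
}

/* Pattern the description warns about: the first byte alone decides. */
enum out_kind classify_output_unsafe(const char *name)
{
    return (name[0] == '|') ? OUT_PIPE : OUT_FILE;
}

int main(void)
{
    /* Constructed sample: path of the last redirect target. */
    const char *redirect_path = "/files/|echo constructed-sample";
    const char *name = last_component(redirect_path);
    printf("name=%s unsafe=%d hardened=%d\n", name,
           classify_output_unsafe(name), classify_output(name, FROM_SERVER));
    return 0;
}
```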
Timeline
- 2014-10-28 CVE Reserved
- 2014-11-05 CVE Published
- 2014-12-02 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
References (13)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2014/q4/459 | Mailing List | |
http://seclists.org/oss-sec/2014/q4/464 | Mailing List | |
http://secunia.com/advisories/62028 | Third Party Advisory | |
http://secunia.com/advisories/62260 | Third Party Advisory | |
http://support.apple.com/HT204244 | X_refsource_confirm | |
https://seclists.org/oss-sec/2014/q4/459 | | |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/144874 | 2017-11-03 | |
https://www.exploit-db.com/exploits/35427 | 2014-12-02 | |
https://www.exploit-db.com/exploits/43112 | 2024-08-06 | |
URL | Date | SRC |
---|---|---|
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc | 2017-11-06 | |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html | 2017-11-06 | |
http://lists.opensuse.org/opensuse-updates/2014-11/msg00029.html | 2017-11-06 | |
https://security.gentoo.org/glsa/201611-05 | 2017-11-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Mac Os X | 10.8.5 | - | Affected |
Apple | Mac Os X | 10.9.5 | - | Affected |
Apple | Mac Os X | 10.10.0 | - | Affected |
Apple | Mac Os X | 10.10.1 | - | Affected |
Netbsd | Netbsd | 5.1 | - | Affected |
Netbsd | Netbsd | 5.1.1 | - | Affected |
Netbsd | Netbsd | 5.1.2 | - | Affected |
Netbsd | Netbsd | 5.1.3 | - | Affected |
Netbsd | Netbsd | 5.1.4 | - | Affected |
Netbsd | Netbsd | 5.2 | - | Affected |
Netbsd | Netbsd | 5.2.1 | - | Affected |
Netbsd | Netbsd | 5.2.2 | - | Affected |
Netbsd | Netbsd | 6.0 | - | Affected |
Netbsd | Netbsd | 6.0.1 | - | Affected |
Netbsd | Netbsd | 6.0.2 | - | Affected |
Netbsd | Netbsd | 6.0.3 | - | Affected |
Netbsd | Netbsd | 6.0.4 | - | Affected |
Netbsd | Netbsd | 6.0.5 | - | Affected |
Netbsd | Netbsd | 6.0.6 | - | Affected |
Netbsd | Netbsd | 6.1 | - | Affected |
Netbsd | Netbsd | 6.1.1 | - | Affected |
Netbsd | Netbsd | 6.1.2 | - | Affected |
Netbsd | Netbsd | 6.1.3 | - | Affected |
Netbsd | Netbsd | 6.1.4 | - | Affected |
Netbsd | Netbsd | 6.1.5 | - | Affected |