
RCE security vulnerability affecting NetBSD, FreeBSD and Mac OS X now fixed

November 3, 2014

The maintainers of the tnftp FTP client have patched a remote code execution vulnerability affecting operating systems that ship it, including NetBSD, FreeBSD and Mac OS X.

The security flaw (known as CVE-2014-8517), which did not affect OpenBSD due to previous modifications, was patched over the weekend, we are told.

One of the maintainers, Luke Mewburn, announced the fix to NetBSD, which ships tnftp, in a mailing list post, after warning subscribers about the flaw last week.

NetBSD security chap Alistair Crook then forewarned FreeBSD and Dragonfly, and received only a boilerplate reply from Apple after warning it about the impact on OS X 10.10 (Yosemite).

Crook then explained that a malicious server can cause tnftp to run arbitrary commands when the user does not specify an output file.

"If you issue ftp http://server/path/file.txt and don't specify an output filename with -o, the ftp program can be tricked into executing arbitrary commands.

The FTP client then follows some HTTP redirects and uses the part of the path after the last / from the resource it accessed the last time as the output filename (as long as -o is not specified).

After it resolves the output filename, it then checks to see if the output filename begins with a "|" and if so, passes the rest to popen http://nxr.netbsd.org/xref/src/usr.bin/ftp/fetch.c#1156".
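To make the mechanism above concrete, here is an added C example (it is not tnftp's own fetch.c code) that models the two steps the advisory describes: the output name is taken from the final URL after redirects, and a name beginning with "|" is then either handed to popen(), as the vulnerable client did, or refused, as a hardened client should when the name came from the server rather than from the user's -o. The redirect chain, the host name "server" and the command "echo pwned" are constructed for illustration, and the extra rejections in server_name_is_safe() (empty name, embedded "/", "." and "..") are this example's own hardening choices, not tnftp's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Derive the output filename the way the advisory describes: the part of
 * the URL path after the last '/', ignoring any query string or fragment.
 * Returns a malloc'd string the caller must free(). */
char *output_name_from_url(const char *url)
{
    const char *path = url;
    const char *scheme = strstr(url, "://");
    if (scheme != NULL) {
        path = strchr(scheme + 3, '/');   /* skip "host[:port]" */
        if (path == NULL)
            path = "";
    }
    size_t len = strcspn(path, "?#");     /* stop at query or fragment */
    const char *slash = NULL;
    for (const char *p = path; p < path + len; p++)
        if (*p == '/')
            slash = p;
    const char *base = slash != NULL ? slash + 1 : path;
    size_t blen = (size_t)((path + len) - base);
    char *out = malloc(blen + 1);
    memcpy(out, base, blen);
    out[blen] = '\0';
    return out;
}

/* A client following a redirect chain names the file after the LAST
 * URL it fetched, so the attacker controls the name via a Location header.
 * `locations` is a constructed chain: the original URL followed by each
 * redirect target, in order. */
char *output_name_after_redirects(const char *const *locations, size_t n)
{
    return output_name_from_url(locations[n - 1]);
}

/* Vulnerable behaviour (CVE-2014-8517 pattern): a name that begins with
 * '|' is treated as a command to pipe into, regardless of where the
 * name came from. With a server-supplied name this is remote code
 * execution. */
FILE *open_output_vulnerable(const char *name)
{
    if (name[0] == '|')
        return popen(name + 1, "w");
    return fopen(name, "w");
}

/* Hardened behaviour: a name that originated from the server must be a
 * plain, single-component filename. The '|' check is the one the
 * advisory calls for; the remaining checks are this example's own. */
int server_name_is_safe(const char *name)
{
    if (name[0] == '\0' || name[0] == '|')
        return 0;
    if (strchr(name, '/') != NULL)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return 1;
}

/* Returns NULL (and creates nothing) when the server-supplied name is
 * refused; never consults popen(). */
FILE *open_output_hardened(const char *name)
{
    if (!server_name_is_safe(name))
        return NULL;
    return fopen(name, "w");
}

int main(void)
{
    /* Constructed chain: the user asked for file.txt, the server redirected
     * to a path whose last component starts with '|'. */
    const char *chain[] = {
        "http://server/path/file.txt",
        "http://server/redirected/|echo pwned",
    };
    char *name = output_name_after_redirects(chain, 2);
    printf("derived output name: \"%s\"\n", name);
    printf("hardened client: %s\n",
           open_output_hardened(name) != NULL ? "opened a file" : "refused the name");
    /* open_output_vulnerable(name) would run `echo pwned` via popen() here. */
    free(name);
    return 0;
}
```

The fix is not to stop recognising "|" altogether; tnftp's pipe-to-command feature is legitimate when the user types it. The point is that only a name the user supplied (via -o) may trigger it, never one derived from a server response.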

The fix follows a recent patch to GNU Wget, popular with Linux users, which closed a separate hole (CVE-2014-4877) in versions prior to 1.16: when run in recursive mode against an FTP target, Wget could be tricked by a malicious server into creating arbitrary files and symlinks on the client, which can likewise be parlayed into code execution.