NetBSD Project representatives have reported serious vulnerability in a FTP client used by many UNIX-like (*NIX) operating systems all over the world.
What is the Flaw?
The effected FTP client is "tnftp" which is basically fount in RedHat's Fedora,Debian, NetBSD,FreeBSD,OpenBSD and even Apple's OS X operating system. Though the client itself is very old now, but it's used by millions of *NIX OS users.
How does it Work?
The flaw which is submitted as CVE-2014-8517 was discovered by Jared McNeill, a software developer in NetBSD Project and can be exploited via malicious web server to force tnftp to perform arbitrary commands.
Alistair Crooks, security officer at NetBSD Project described the flaw by saying that if a user ftp a file without specifying the output name, the ftp program can be forced to execute arbitrary commands.The FTP client will follow HTTP redirects and will try to use the part, after the last '/' of last path it used as the output file name.
After it gets the file name any how, it checks if the output file name begins with a '|' and if yes, it passes the rest to popen(3).
OS Developers Aware of the Bug:
The list of the OS developers who seem to be aware of the bug includes Debian, redHat, Gentoo, Novell(SuSE Linux), DragonFly, FreeBSD,OpenBSD and Apple.
Apple OS X Yosemite 10.10 is Vulnerable Too
Apple OS X Yosemite 10.10 is also affected by the tnftp vulnerability. Debian,Novell, RedHat,Gentoo have issued security advisory individually.

0 comments:
Post a Comment