diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-08:12.ftpd.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-08:12.ftpd.asc | 155 |
1 files changed, 0 insertions, 155 deletions
diff --git a/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc b/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc deleted file mode 100644 index b1609720b2..0000000000 --- a/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc +++ /dev/null @@ -1,155 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-08:12.ftpd Security Advisory - The FreeBSD Project - -Topic: Cross-site request forgery in ftpd(8) - -Category: core -Module: ftpd -Announced: 2008-12-23 -Credits: Maksymilian Arciemowicz -Affects: All supported versions of FreeBSD. -Corrected: 2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE) - 2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2) - 2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7) - 2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE) - 2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1) - 2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7) -CVE Name: CVE-2008-4247 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) -server that is shipped with the FreeBSD base system. It is not enabled -in default installations but can be enabled as either an inetd(8) server, -or a standard-alone server. - -A cross-site request forgery attack is a type of malicious exploit that is -mainly targeted to a web browser, by tricking a user trusted by the site -into visiting a specially crafted URL, which in turn executes a command -which performs some privileged operations on behalf of the trusted user -on the victim site. - -II. Problem Description - -The ftpd(8) server splits long commands into several requests. This -may result in the server executing a command which is hidden inside -another very long command. - -III. Impact - -This could, with a specifically crafted command, be used in a -cross-site request forgery attack. - -FreeBSD systems running ftpd(8) server could act as a point of privilege -escalation in an attack against users using web browser to access trusted -FTP sites. - -IV. Workaround - -No workaround is available, but systems not running FTP servers are -not vulnerable. Systems not running the FreeBSD ftp(8) server are not -affected, but users of other ftp daemons are advised to take care -since several other ftp daemons are known to have related bugs. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the -RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch -dated after the correction date. - -2) To patch your present system: - -The following patches have been verified to apply to FreeBSD 6.3, 6.4, -7.0, and 7.1 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch -# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch -# cd /usr/src/libexec/ftpd -# make obj && make depend && make && make install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -CVS: - -Branch Revision - Path -- ------------------------------------------------------------------------- -RELENG_6 - src/libexec/ftpd/ftpcmd.y 1.64.2.3 - src/libexec/ftpd/extern.h 1.19.14.1 - src/libexec/ftpd/ftpd.c 1.206.2.4 -RELENG_6_4 - src/UPDATING 1.416.2.40.2.4 - src/sys/conf/newvers.sh 1.69.2.18.2.7 - src/libexec/ftpd/ftpcmd.y 1.64.2.2.4.2 - src/libexec/ftpd/extern.h 1.19.30.2 - src/libexec/ftpd/ftpd.c 1.206.2.3.4.2 -RELENG_6_3 - src/UPDATING 1.416.2.37.2.12 - src/sys/conf/newvers.sh 1.69.2.15.2.11 - src/libexec/ftpd/ftpcmd.y 1.64.2.2.2.1 - src/libexec/ftpd/extern.h 1.19.26.1 - src/libexec/ftpd/ftpd.c 1.206.2.3.2.1 -RELENG_7 - src/libexec/ftpd/ftpcmd.y 1.66.2.1 - src/libexec/ftpd/extern.h 1.19.24.1 - src/libexec/ftpd/ftpd.c 1.212.2.1 -RELENG_7_1 - src/UPDATING 1.507.2.13.2.2 - src/libexec/ftpd/ftpcmd.y 1.66.6.2 - src/libexec/ftpd/extern.h 1.19.32.2 - src/libexec/ftpd/ftpd.c 1.212.6.2 -RELENG_7_0 - src/UPDATING 1.507.2.3.2.11 - src/sys/conf/newvers.sh 1.72.2.5.2.11 - src/libexec/ftpd/ftpcmd.y 1.66.4.1 - src/libexec/ftpd/extern.h 1.19.28.1 - src/libexec/ftpd/ftpd.c 1.212.4.1 -- ------------------------------------------------------------------------- - -Subversion: - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/6/ r186405 -releng/6.4/ r186405 -releng/6.3/ r186405 -stable/7/ r186405 -releng/7.1/ r186405 -releng/7.0/ r186405 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247 - -The latest revision of this advisory is available at -http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (FreeBSD) - -iEYEARECAAYFAklQP8wACgkQFdaIBMps37ITvgCePP8oVI6cffvQu229Qg7eNshN -A0kAn3A6kjr+QovEwOVKNzjow1aCtU8K -=sDxD ------END PGP SIGNATURE----- |