FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Remote command execution in ftp(1)

Affected packages
10.0 <= FreeBSD < 10.0_12
9.3 <= FreeBSD < 9.3_5
9.2 <= FreeBSD < 9.2_15
9.1 <= FreeBSD < 9.1_22
8.4 <= FreeBSD < 8.4_19

Details

VuXML ID 7488378d-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-11-04
Entry 2016-08-11

Problem Description:

A malicious HTTP server could cause ftp(1) to execute arbitrary commands.

Impact:

When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified.

If the output file name provided by the server begins with a pipe ('|'), the output is passed to popen(3), which might be used to execute arbitrary commands on the ftp(1) client machine.
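The filename derivation described above, with the check a hardened client needs, as an added example in C (not the ftp(1) source and not the FreeBSD patch): `derive_output_name` takes the final post-redirect URI, keeps only the component after the last '/' of the path, and refuses a name that begins with '|' so that a server-chosen name can never select popen(3). The URI strings and the query/fragment stripping are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 255

/* A server-supplied output name beginning with '|' is what the vulnerable
 * client handed to popen(3); a hardened client treats it as unusable. */
static int
is_pipe_name(const char *name)
{
    return name[0] == '|';
}

/* Derive the output filename from the last resource accessed (after
 * redirects). Returns 0 and fills `out` on success; returns -1 when the
 * derived name is empty, too long, or a pipe spec, in which case the
 * caller must require an explicit -o instead of trusting the server. */
static int
derive_output_name(const char *uri, char *out, size_t outsz)
{
    size_t plen = strcspn(uri, "?#");   /* assumption: drop query/fragment */
    const char *end = uri + plen;
    const char *p = end;

    while (p > uri && p[-1] != '/')     /* back up to the last '/' */
        p--;
    size_t len = (size_t)(end - p);

    if (len == 0 || len >= outsz)
        return -1;
    if (is_pipe_name(p))                /* never let a name reach popen(3) */
        return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Convenience wrapper: 1 if `uri` derives to `expected`, 0 if refused. */
static int
derives_to(const char *uri, const char *expected)
{
    char buf[NAME_MAX_LEN + 1];

    if (derive_output_name(uri, buf, sizeof buf) != 0)
        return 0;
    return strcmp(buf, expected) == 0;
}
```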

References

CVE Name CVE-2014-8517
FreeBSD Advisory SA-14:26.ftp