F-Secure Vulnerability Information :
OpenBSD ftpd Long Command Processing Vulnerability

Report ID: SA32070
Source: Secunia
Date of Discovery: 29.09.2008
Criticality: Low
Affects: OpenBSD 4.3
Compromise From: From remote
Compromise Type: Cross site scripting

Summary

A vulnerability has been reported in OpenBSD ftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Detailed Description

A vulnerability has been reported in OpenBSD ftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerability is caused by the application truncating an overly long FTP command and improperly interpreting the remainder of the string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user into following a malicious link.
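The truncation behaviour described above can be reproduced with a simplified line reader. This is an added example, not code from OpenBSD ftpd or from the advisory: the names `read_chunk`, `parse_commands`, `strict`, the 16-byte `CMD_BUF` and the sample input are all assumptions made for illustration. With `strict` off, the tail of an overlong line is dispatched as its own command; with `strict` on, the whole overlong line is rejected, which is one way to handle it.

```c
#include <stdio.h>
#include <string.h>
#define CMD_BUF 16  /* assumed; kept small so the sample line stays short */
#define MAX_CMDS 8

/* Constructed input: a 19-byte line (15 bytes of padding + "SYST"), then NOOP. */
static const char SAMPLE[] = "AAAAA" "AAAAA" "AAAAA" "SYST\nNOOP\n";

/* fgets-style read: at most CMD_BUF-1 bytes of the current line.
 * Returns 0 at end of input; *complete is set if the newline was reached. */
static int read_chunk(const char **p, char *buf, int *complete)
{
    size_t n = 0;
    *complete = 0;
    if (**p == '\0') return 0;
    while (**p != '\0' && n < CMD_BUF - 1) {
        char c = *(*p)++;
        if (c == '\n') { *complete = 1; break; }
        buf[n++] = c;
    }
    buf[n] = '\0';
    return 1;
}

/* Returns how many commands were dispatched into out[]. strict == 0: every
 * chunk is a command (the flaw); strict != 0: overlong lines are dropped whole. */
int parse_commands(const char *input, int strict, char out[][CMD_BUF])
{
    char buf[CMD_BUF];
    int complete, skipping = 0, count = 0;
    while (count < MAX_CMDS && read_chunk(&input, buf, &complete)) {
        if (strict && (skipping || !complete)) {
            skipping = !complete;  /* discard until the line's newline */
            continue;
        }
        strcpy(out[count++], buf);
    }
    return count;
}

int main(void)
{
    char out[MAX_CMDS][CMD_BUF];
    for (int strict = 0; strict <= 1; strict++) {
        int n = parse_commands(SAMPLE, strict, out);
        printf("strict=%d dispatched %d, last [%s]\n", strict, n, n ? out[n - 1] : "");
    }
    return 0;
}
```

On the constructed input the non-strict path dispatches three commands, including the `SYST` that was only the tail of the padded line; the strict path dispatches only `NOOP`.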

Solution

CVE Reference
CVE-2008-4247

F-Secure Corporation