Cross-Site Request Forgery in FTP Daemon Across Multiple Operating Systems
CVE-2008-4247

Currently unrated

Key Information:

Vendor: NetBSD

CVE Published: 25 September 2008

What is CVE-2008-4247?

The FTP daemon (ftpd) on several Unix-based operating systems, including OpenBSD, FreeBSD, NetBSD, and Solaris, is susceptible to Cross-Site Request Forgery (CSRF) attacks. The vulnerability arises from the way ftpd interprets long commands received from FTP clients. An attacker can exploit it by crafting an excessively long ftp:// URI that leverages an active session held by the FTP client implementation in a web browser, which may lead to the execution of arbitrary commands. This can compromise security and potentially allow unauthorized actions on the affected systems.

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
