CRLF Injection Vulnerabilities in Erlang/OTP FTP Module
CVE-2014-1693

Currently unrated

Key Information:

Vendor: Erlang
Status: Erlang\/otp
Vendor: CVE Published:; 8 December 2014

What is CVE-2014-1693?

The FTP module in Erlang/OTP R15B03 contains multiple vulnerabilities that allow context-dependent attackers to exploit CRLF injection. By inputting crafted CRLF sequences into various FTP commands, including user authentication and file management commands, an attacker can inject arbitrary commands. This could lead to unauthorized actions being executed on the FTP server, compromising the security of systems using this version of Erlang.

References

https://usn.ubuntu.com/3571-1/

vendor-advisoryx_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1059331

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Dec 8, 2014
Vulnerability Reserved
Jan 29, 2014