{"id":3818,"date":"2014-10-30T00:55:27","date_gmt":"2014-10-29T16:55:27","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3818"},"modified":"2015-09-09T19:36:44","modified_gmt":"2015-09-09T11:36:44","slug":"serious-linuxunix-ftp-flaw-allows-command-execution","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2014\/10\/serious-linuxunix-ftp-flaw-allows-command-execution\/","title":{"rendered":"Serious Linux\/UNIX FTP Flaw Allows Command Execution"},"content":{"rendered":"

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week a fairly nasty FTP flaw that allows command execution was discovered in the old but still fairly widely used tnftp client.<\/p>\n

It’s a fairly unlikely set of circumstances, however, and it is a client flaw, not a server flaw – so you’d need to connect to a malicious server using tnftp to fall foul of this flaw.<\/p>\n

Basically, if you request a file but don’t use the -o flag to specify an output filename, the client will follow HTTP redirects, and if the resulting output filename begins with a pipe it will pass the rest to popen.<\/p>\n

A serious vulnerability has been discovered in a File Transfer Protocol (FTP) client used by many Unix-like (*NIX) operating systems, representatives of the NetBSD Project reported on Tuesday.<\/p>\n

The tnftp FTP client is fairly old, but it’s still widely used. It can be found in Red Hat’s Fedora, Debian, NetBSD, FreeBSD, OpenBSD, and even Apple’s OS X operating systems.<\/p>\n

Jared McNeill, a software developer at the NetBSD Project, has identified a vulnerability that can be exploited via a malicious Web server to cause tnftp to execute arbitrary commands. The CVE-2014-8517 identifier has been assigned to the flaw.<\/p>\n

“If you do ‘ftp http:\/\/server\/path\/file.txt’; and don’t specify an output filename with -o, the ftp program can be tricked into executing arbitrary commands,” Alistair Crooks, security officer at the NetBSD Project, explained in an advisory published on the Full Disclosure mailing list. “The FTP client will follow HTTP redirects, and uses the part of the path after the last \/ from the last resource it accesses as the output filename (as long as -o is not specified).”<\/p><\/blockquote>\n