First published: Wed Jan 29 2014
An FTP command injection flaw was found [1] in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module. This issue has been reported upstream [2], but has not yet been fixed.

[1] http://seclists.org/oss-sec/2014/q1/163
[2] http://erlang.org/pipermail/erlang-bugs/2014-January/003998.html
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Erlang Erlang/otp | =r15b03 | |
debian/erlang | 1:23.2.6+dfsg-1+deb11u1 1:25.2.3+dfsg-1 1:25.3.2.12+dfsg-3 |
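
The missing sanitization described above, shown as an added example (not OTP code and not the upstream fix): an unchecked command builder beside one that rejects line terminators before anything reaches the control socket. It assumes the injection vector is an embedded CR/LF, since FTP commands are CRLF-terminated (RFC 959) and the page does not name the characters; the module name, function names and sample paths are hypothetical.

```erlang
%% Added example: validate FTP arguments before framing them as a
%% control-connection command. Arguments are assumed to be flat strings.
-module(ftp_arg_check).
-export([frame_unchecked/2, frame_checked/2, count_commands/1, demo/0]).

%% Models the flawed pattern: verb and argument are concatenated and
%% terminated with CRLF without inspecting the argument.
frame_unchecked(Verb, Arg) ->
    lists:flatten([Verb, " ", Arg, "\r\n"]).

%% Hardened form: refuse any argument containing CR, LF or NUL, so one
%% call can only ever produce one command line.
frame_checked(Verb, Arg) ->
    Illegal = fun(C) -> C =:= $\r orelse C =:= $\n orelse C =:= 0 end,
    case lists:any(Illegal, Arg) of
        true  -> {error, illegal_character};
        false -> {ok, frame_unchecked(Verb, Arg)}
    end.

%% Number of non-empty lines the peer would read from the bytes written.
count_commands(Bytes) ->
    length(string:tokens(Bytes, "\r\n")).

%% Self-check on constructed sample input; returns ok or crashes on mismatch.
demo() ->
    Benign  = "reports/2014.txt",
    Crafted = "reports/2014.txt\r\nNOOP",   % constructed: embedded CRLF
    %% Unchecked framing: the crafted argument becomes two command lines.
    1 = count_commands(frame_unchecked("RETR", Benign)),
    2 = count_commands(frame_unchecked("RETR", Crafted)),
    %% Checked framing: benign input passes, crafted input is refused.
    {ok, "RETR reports/2014.txt\r\n"} = frame_checked("RETR", Benign),
    {error, illegal_character} = frame_checked("RETR", Crafted),
    ok.
```

Until a fixed release is installed, the same check can be applied in calling code to any externally influenced string before it is handed to the FTP module.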