FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Remote command execution in ftp(1)

Affected packages
10.0 <= FreeBSD < 10.0_12
9.3 <= FreeBSD < 9.3_5
9.2 <= FreeBSD < 9.2_15
9.1 <= FreeBSD < 9.1_22
8.4 <= FreeBSD < 8.4_19


VuXML ID 7488378d-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-11-04
Entry 2016-08-11

Problem Description:

A malicious HTTP server could cause ftp(1) to execute arbitrary commands.


When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified.

If the output file name provided by the server begins with a pipe ('|'), the output is passed to popen(3), which might be used to execute arbitrary commands on the ftp(1) client machine.
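The output-name decision described above, modelled as an added example (not code from ftp(1) or from the FreeBSD project): the behaviour the advisory describes beside one hardened form. The function names, the `opt_o` parameter standing in for '-o', the reject policy and the sample path are assumptions constructed for illustration; nothing here calls popen(3).

```c
#include <stdio.h>
#include <string.h>

/* Where the response body would be sent. */
enum sink { SINK_FILE, SINK_PIPE, SINK_REJECT };

/* Part of the path after the last '/', as in the advisory text. */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Behaviour the advisory describes: without -o (opt_o == NULL) the name is
 * taken from the last resource accessed, possibly after redirects, and a
 * leading '|' selects the popen(3) path no matter who supplied the name. */
enum sink choose_sink_vulnerable(const char *opt_o, const char *final_path)
{
    const char *name = opt_o ? opt_o : last_component(final_path);
    return name[0] == '|' ? SINK_PIPE : SINK_FILE;
}

/* Hardened model (assumed policy): the pipe form is honoured only when the
 * user typed it via -o. A server-derived name never selects the pipe path;
 * names that are empty, start with '|', or are "." / ".." are refused. */
enum sink choose_sink_hardened(const char *opt_o, const char *final_path)
{
    if (opt_o != NULL)
        return opt_o[0] == '|' ? SINK_PIPE : SINK_FILE;
    const char *name = last_component(final_path);
    if (name[0] == '\0' || name[0] == '|' ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return SINK_REJECT;
    return SINK_FILE;
}

int main(void)
{
    /* Constructed sample: path of the final resource after a redirect. */
    const char *path = "/files/|constructed-command";
    printf("vulnerable: %d\n", choose_sink_vulnerable(NULL, path));
    printf("hardened:   %d\n", choose_sink_hardened(NULL, path));
    return 0;
}
```

Until a fixed release is installed, passing '-o' with an explicit file name keeps the server-supplied path out of the output-name decision.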


CVE Name CVE-2014-8517
FreeBSD Advisory SA-14:26.ftp