Attachment #453420 for bug #599942

View | Details | Raw Unified | Return to bug 599942
Collapse All | Expand All




    <p>tnftp is a NetBSD FTP client with several advanced features.</p>
  </background>
  <description>
    <p>The fetch_url function in usr.bin/ftp/fetch.c allows remote attackers
    to execute arbitrary commands via a (pipe) character at the end of an HTTP
    redirect.
    </p>
            attackers to execute arbitrary commands via a
          </td>
          <td>(pipe) character at the end of an HTTP redirect.</td>
        </tr>
      </tbody>
    </table>
  </description>
  <impact type="normal">
    <p>A remote attacker could possibly execute arbitrary code with the

Return to bug 599942

Lines 20-35 Link Here

(-)a/usr/portage/metadata/glsa/glsa-201611-05.xml (-10 / +4 lines)
20	<p>tnftp is a NetBSD FTP client with several advanced features.</p>	20	<p>tnftp is a NetBSD FTP client with several advanced features.</p>
21	</background>	21	</background>
22	<description>	22	<description>
23	<table>	23	<p>The fetch_url function in usr.bin/ftp/fetch.c allows remote attackers
24	<tbody>	24	to execute arbitrary commands via a (pipe) character at the end of an HTTP
25	<tr>	25	redirect.
26	<td>The fetch_url function in usr.bin/ftp/fetch.c allows remote	26	</p>
27	attackers to execute arbitrary commands via a
28	</td>
29	<td>(pipe) character at the end of an HTTP redirect.</td>
30	</tr>
31	</tbody>
32	</table>
33	</description>	27	</description>
34	<impact type="normal">	28	<impact type="normal">
35	<p>A remote attacker could possibly execute arbitrary code with the	29	<p>A remote attacker could possibly execute arbitrary code with the