FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4242

This CVE name corresponds to:

Entered     Topic
2008-09-23  proftpd -- Long Command Processing Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2008-4242
Phase  Assigned (20080925)

Description

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

References

Source      Reference
SREASONRES  20080926 multiple vendor ftpd - Cross-site request forgery
CONFIRM     http://bugs.proftpd.org/show_bug.cgi?id=3115
DEBIAN      DSA-1689
FEDORA      FEDORA-2009-0064
FEDORA      FEDORA-2009-0195
MANDRIVA    MDVSA-2009:061
BID         31289
SECTRACK    1020945
SECUNIA     31930
SECUNIA     33261
SECUNIA     33413
SREASON     4313
XF          proftpd-url-csrf(45274)