CVE-2008-4247 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
freebsd	freebsd	7.0
netbsd	netbsd	4.0
openbsd	openbsd	4.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux-ftpd

bookworm	0.17-37 fixed
bullseye	0.17-36.2 fixed
etch	no-dsa

linux-ftpd-ssl

bookworm	0.17.36+really0.17-2 fixed
bullseye	0.17.36+0.3-2.2 fixed
etch	no-dsa
sid	0.17.36+really0.17-3 fixed

Known Exploits!

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc

http://bugs.proftpd.org/show_bug.cgi?id=3115

http://secunia.com/advisories/32068

http://secunia.com/advisories/32070

http://secunia.com/advisories/33341

http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc

http://securityreason.com/achievement_securityalert/56

http://securityreason.com/securityalert/4313

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.securitytracker.com/id?1020946

http://www.securitytracker.com/id?1021112

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc

http://bugs.proftpd.org/show_bug.cgi?id=3115

http://secunia.com/advisories/32068

http://secunia.com/advisories/32070

http://secunia.com/advisories/33341

http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc

http://securityreason.com/achievement_securityalert/56

http://securityreason.com/securityalert/4313

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.securitytracker.com/id?1020946

http://www.securitytracker.com/id?1021112