CVE-2014-1693

EUVD-2014-1767
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Debian logo
Debian Releases
Debian Product
Codename
erlang
bookworm
1:25.2.3+dfsg-1
fixed
bullseye
1:23.2.6+dfsg-1+deb11u1
fixed
sid
1:25.3.2.12+dfsg-3
fixed
squeeze
no-dsa
trixie
1:25.3.2.12+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
erlang
artful
not-affected
lucid
ignored
precise
ignored
quantal
ignored
saucy
ignored
trusty
Fixed 1:16.b.3-dfsg-1ubuntu2.2
released
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
References
http://advisories.mageia.org/MGASA-2014-0553.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
http://seclists.org/oss-sec/2014/q1/163
http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
https://usn.ubuntu.com/3571-1/
http://advisories.mageia.org/MGASA-2014-0553.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
http://seclists.org/oss-sec/2014/q1/163
http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
https://usn.ubuntu.com/3571-1/