CVE-2014-1693

Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Debian logo
Debian Releases
Debian Product
Codename
erlang
bullseye
1:23.2.6+dfsg-1+deb11u1
fixed
squeeze
no-dsa
bookworm
1:25.2.3+dfsg-1
fixed
sid
1:25.3.2.12+dfsg-3
fixed
trixie
1:25.3.2.12+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
erlang
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
Fixed 1:16.b.3-dfsg-1ubuntu2.2
released
saucy
ignored
quantal
ignored
precise
ignored
lucid
ignored
References
http://advisories.mageia.org/MGASA-2014-0553.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
http://seclists.org/oss-sec/2014/q1/163
http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
https://usn.ubuntu.com/3571-1/
http://advisories.mageia.org/MGASA-2014-0553.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
http://seclists.org/oss-sec/2014/q1/163
http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
https://usn.ubuntu.com/3571-1/