CVE-2014-8517

Apple Mac OS X - Command Injection

Description

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5, allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · unix
https://www.exploit-db.com/exploits/43112

exploitdb · WORKING POC
by dash · python · remote · bsd
https://www.exploit-db.com/exploits/35427

metasploit · WORKING POC · EXCELLENT
by Jared McNeill, wvu · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/tnftp_savefile.rb

Scores

EPSS 0.8498
EPSS Percentile 99.4%

Details

CWE
CWE-77
Status published
Products (25)
apple/mac_os_x 10.8.5
apple/mac_os_x 10.9.5
apple/mac_os_x 10.10.0
apple/mac_os_x 10.10.1
netbsd/netbsd 5.1
netbsd/netbsd 5.1.1
netbsd/netbsd 5.1.2
netbsd/netbsd 5.1.3
netbsd/netbsd 5.1.4
netbsd/netbsd 5.2
... and 15 more
Published Nov 17, 2014
Tracked Since Feb 18, 2026