CVE-2014-1693

Priority
Low
Description
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP
R15B03 allow context-dependent attackers to inject arbitrary FTP commands
via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist,
(6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin,
(12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start,
(16) append_chunk_start, (17) append, or (18) append_bin command.
References
Bugs
Notes
 jdstrand> requires MITM between erlang system and ftp server or for the web
  server to not do input sanitization
Package
Upstream: released (1:16.b.3.1-dfsg-3, 1:15.b.1-dfsg-4+deb7u1)
Ubuntu 17.10 (Artful Aardvark): not-affected (1:17.3-dfsg-3ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:17.3-dfsg-3ubuntu1)
Ubuntu 17.04 (Zesty Zapus): not-affected (1:17.3-dfsg-3ubuntu1)
Patches:
Upstream: https://github.com/erlang/otp/commit/6995e4764d2722ca315a68facd8777f3c8970db7
More Information

Updated: 2017-08-11 23:15:53 UTC (commit 13081)