CVE-2014-1693

Related Files

Ubuntu Security Notice USN-3571-1

Posted Feb 14, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3571-1 - It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2014-1693, CVE-2015-2774, CVE-2016-10253, CVE-2017-1000385

SHA-256 | 17cd261b5bd06018d5a33b401a3ff15f84875562d975783f5ffda1ae13006e8f

Download | Favorite | View

Mandriva Linux Security Advisory 2015-174

Posted Mar 31, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-174 - An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module. This update also disables SSLv3 by default to mitigate the POODLE issue.

tags | advisory, arbitrary, local

systems | linux, mandriva

advisories | CVE-2014-1693

SHA-256 | 7327dff93225125f42183afea1aae6cef8aa7051755efb32071f7d558e419f43

Download | Favorite | View