CVE-2014-1693 Information

Description

Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.

Reference

http://advisories.mageia.org/MGASA-2014-0553.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
http://seclists.org/oss-sec/2014/q1/163
http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
https://usn.ubuntu.com/3571-1/
