Summary
The host is running tnftpd server and is prone to Cross-Site Request Forgery vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary code to perform CSRF attacks, Web cache poisoning, and other malicious activities.
Impact Level: Application/Network
Solution
Upgrade to tnftpd version 20080929 or later,
ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/
Insight
The flaw is due to the application truncating an overly long FTP command and improperly interpreting the remainder string as a new FTP command. This can be exploited via unknown vectors, probably involving a crafted 'ftp://' link to a tnftpd server.
Affected
NetBSD, tnftpd Version prior to 20080929
References
Severity
Classification
-
CVE CVE-2008-7016 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities