Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recvbin, (12) recvchunkstart, (13) send, (14) sendbin, (15) sendchunkstart, (16) appendchunkstart, (17) append, or (18) append_bin command.
{ "ubuntu_priority": "low", "availability": "No subscription required", "binaries": [ { "binary_name": "erlang", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-appmon", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-appmon-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-asn1", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-asn1-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-base", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-base-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-base-hipe", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-base-hipe-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-common-test", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-common-test-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-corba", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-corba-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-crypto", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-crypto-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-dbg", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-debugger", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-debugger-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-dev", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-dev-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-dialyzer", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-dialyzer-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-diameter", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-diameter-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-doc", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-edoc", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-edoc-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-eldap", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-eldap-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-erl-docgen", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-erl-docgen-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-et", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-et-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-eunit", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-eunit-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-examples", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-gs", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-gs-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ic", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ic-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ic-java", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-inets", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-inets-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-jinterface", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-manpages", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-megaco", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-megaco-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-mnesia", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-mnesia-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-mode", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-nox", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-observer", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-observer-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-odbc", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-odbc-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-os-mon", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-os-mon-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-parsetools", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-parsetools-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-percept", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-percept-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-pman", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-pman-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-public-key", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-public-key-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-reltool", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-reltool-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-runtime-tools", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-runtime-tools-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-snmp", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-snmp-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-src", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ssh", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ssh-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ssl", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-ssl-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-syntax-tools", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-syntax-tools-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-test-server", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-test-server-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-toolbar", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-toolbar-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-tools", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-tools-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-tv", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-tv-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-typer", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-typer-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-webtool", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-webtool-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-x11", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-xmerl", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" }, { "binary_name": "erlang-xmerl-dbgsym", "binary_version": "1:16.b.3-dfsg-1ubuntu2.2" } ] }