CVE-2008-4247

N/A Unknown

Published: September 25, 2008 Modified: April 23, 2026

Description

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc

Source: cve@mitre.org

http://bugs.proftpd.org/show_bug.cgi?id=3115

Source: cve@mitre.org

http://secunia.com/advisories/32068

Source: cve@mitre.org

http://secunia.com/advisories/32070

Source: cve@mitre.org

http://secunia.com/advisories/33341

Source: cve@mitre.org

http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc

Source: cve@mitre.org

http://securityreason.com/achievement_securityalert/56

Source: cve@mitre.org

http://securityreason.com/securityalert/4313

Source: cve@mitre.org

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y

Source: cve@mitre.org

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h

Source: cve@mitre.org

Exploit

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c

Source: cve@mitre.org

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h

Source: cve@mitre.org

Exploit

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Source: cve@mitre.org

http://www.securitytracker.com/id?1020946

Source: cve@mitre.org

http://www.securitytracker.com/id?1021112

Source: cve@mitre.org

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.proftpd.org/show_bug.cgi?id=3115

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32068

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32070

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33341

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/achievement_securityalert/56

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4313

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020946

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021112

Source: af854a3a-2127-422b-91ae-364da2661108

30 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

12.6%

94th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-352

Affected Vendors

freebsd openbsd netbsd

Related CVEs

CVE-2026-41044 N/A

CVE-2026-41043 N/A

CVE-2026-40466 N/A

CVE-2025-62233 N/A

CVE-2026-6272 N/A