Slashdot Mirror


Vulnerabilities Found (and Sought) In More Command-Line Tools

itwbennett writes: The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems [also mentioned here]. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools.

  1. tnftp by Anonymous Coward · Score: 5, Informative

    From one of the referenced articles:

    Tnftp is a cross-platform port of the original BSD FTP client. It is the default FTP client in NetBSD, FreeBSD, DragonFly BSD and Mac OS X, but it is also available in many Linux distributions.

    The tnftp package shipped with OpenBSD is not vulnerable due to some changes made to the code some time ago

    It's almost like the OpenBSD team knows what they're doing when it comes to security.