CVE-2008-4247

Name of the Vulnerable Software and Affected Versions: OpenBSD version 4.3 FreeBSD version 7.0 NetBSD version 4.0 Solaris (affected versions not specified)

Description: The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI. This is possible because the ftpd interprets long commands from an FTP client as multiple commands, leveraging an existing session from the FTP client implementation in a web browser.

Recommendations: For OpenBSD version 4.3, update to a version that fixes this issue. For FreeBSD version 7.0, update to a version that fixes this issue. For NetBSD version 4.0, update to a version that fixes this issue. For Solaris, update to a version that fixes this issue, however, the specific version is not specified. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected software.