{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2014-1693","title":"Title"},{"category":"description","text":"Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2014-1693","url":"https://www.suse.com/security/cve/CVE-2014-1693"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 861573 for CVE-2014-1693","url":"https://bugzilla.suse.com/861573"},{"category":"external","summary":"Advisory link for SUSE-SU-2014:0659-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2014-May/000816.html"}],"title":"SUSE CVE CVE-2014-1693","tracking":{"current_release_date":"2025-04-15T08:27:28Z","generator":{"date":"2023-02-15T05:30:35Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2014-1693","initial_release_date":"2023-02-15T05:30:35Z","revision_history":[{"date":"2023-02-15T05:30:35Z","number":"2","summary":"Current version"},{"date":"2024-10-11T05:56:21Z","number":"3","summary":"Current version"},{"date":"2025-03-16T12:22:07Z","number":"4","summary":"Current version"},{"date":"2025-04-15T08:27:28Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Cloud 2.0","product":{"name":"SUSE Cloud 2.0","product_id":"SUSE Cloud 2.0"}},{"category":"product_name","name":"SUSE Cloud 4","product":{"name":"SUSE Cloud 4","product_id":"SUSE Cloud 4","product_identification_helper":{"cpe":"cpe:/a:suse:suse-cloud:4"}}},{"category":"product_name","name":"SUSE Cloud 4 Dependencies","product":{"name":"SUSE Cloud 4 Dependencies","product_id":"SUSE Cloud 4 Dependencies","product_identification_helper":{"cpe":"cpe:/o:suse:suse-cloud-deps:11:sp3"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 3.0","product":{"name":"SUSE OpenStack Cloud 3.0","product_id":"SUSE OpenStack Cloud 3.0"}},{"category":"product_version","name":"erlang","product":{"name":"erlang","product_id":"erlang","product_identification_helper":{"cpe":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/erlang@?upstream=erlang.src.rpm"}}},{"category":"product_version","name":"erlang-R14B-0.14.3","product":{"name":"erlang-R14B-0.14.3","product_id":"erlang-R14B-0.14.3","product_identification_helper":{"purl":"pkg:rpm/suse/erlang@R14B-0.14.3?upstream=erlang-R14B-0.14.3.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"erlang-R14B-0.14.3 as component of SUSE OpenStack Cloud 3.0","product_id":"SUSE OpenStack Cloud 3.0:erlang-R14B-0.14.3"},"product_reference":"erlang-R14B-0.14.3","relates_to_product_reference":"SUSE OpenStack Cloud 3.0"},{"category":"default_component_of","full_product_name":{"name":"erlang as component of SUSE Cloud 2.0","product_id":"SUSE Cloud 2.0:erlang"},"product_reference":"erlang","relates_to_product_reference":"SUSE Cloud 2.0"},{"category":"default_component_of","full_product_name":{"name":"erlang as component of SUSE Cloud 4","product_id":"SUSE Cloud 4:erlang"},"product_reference":"erlang","relates_to_product_reference":"SUSE Cloud 4"},{"category":"default_component_of","full_product_name":{"name":"erlang as component of SUSE Cloud 4 Dependencies","product_id":"SUSE Cloud 4 Dependencies:erlang"},"product_reference":"erlang","relates_to_product_reference":"SUSE Cloud 4 Dependencies"}]},"vulnerabilities":[{"cve":"CVE-2014-1693","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-1693"}],"notes":[{"category":"general","text":"Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Cloud 2.0:erlang","SUSE Cloud 4 Dependencies:erlang","SUSE Cloud 4:erlang"],"recommended":["SUSE OpenStack Cloud 3.0:erlang-R14B-0.14.3"]},"references":[{"category":"external","summary":"CVE-2014-1693","url":"https://www.suse.com/security/cve/CVE-2014-1693"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 861573 for CVE-2014-1693","url":"https://bugzilla.suse.com/861573"},{"category":"external","summary":"Advisory link for SUSE-SU-2014:0659-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2014-May/000816.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 3.0:erlang-R14B-0.14.3"]}],"threats":[{"category":"impact","date":"2014-01-29T04:20:43Z","details":"important"}],"title":"CVE-2014-1693"}]}