Vulnerabilities > CVE-2002-2245 - Numeric Errors vulnerability in Netbsd Ftpd

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

netbsd

CWE-189

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.

Vulnerable Configurations

Part	Description	Count
Application	Netbsd Netbsd Ftpd 1.5 Netbsd Ftpd 1.5.1 Netbsd Ftpd 1.5.2 Netbsd Ftpd 1.5.3 Netbsd Ftpd 1.6	5

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-027.txt.asc