Vulnerabilities > CVE-2023-45198 - Unspecified vulnerability in Netbsd Ftpd and Tnftpd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
References
- http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95
- http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95
- https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html
- https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html