PT-2002-2957 · Netbsd · Netbsd

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2245

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: NetBSD versions 1.5 through 1.5.3 and NetBSD version 1.6
Description: The ftpd in NetBSD does not properly quote a digit in its response to a STAT command for a filename that contains a carriage return followed by a digit. This can cause firewalls and other intermediary devices to lose proper track of the FTP session.
Recommendations: For NetBSD versions 1.5 through 1.5.3 and for NetBSD version 1.6, consider updating to a version that properly handles the STAT command response. As a temporary workaround, consider restricting the use of filenames that contain carriage returns followed by digits to minimize the risk of exploitation.
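
The quoting problem in the description, as an added example (this is not NetBSD's ftpd code): a formatter that copies names into a multi-line reply verbatim, beside one that pads digit-leading lines, which RFC 959 requires of servers for intermediate lines of a multi-line reply. The file names, reply text, function names and the lenient line-splitting check are constructed assumptions.

```python
import re

CODE = 213  # reply code used for this constructed STAT example

# Constructed sample: the second name holds a carriage return followed by a digit.
SAMPLE_NAMES = ["readme.txt", "backup\r2002.tar"]


def naive_stat_reply(names):
    """Unquoted form: each name is copied verbatim into the reply body."""
    body = "".join(f"{name}\r\n" for name in names)
    return f"{CODE}-status of listing:\r\n{body}{CODE} End of status\r\n"


def quoted_stat_reply(names):
    """Hardened form: break names at CR/LF and pad any digit-leading line."""
    out = [f"{CODE}-status of listing:"]
    for name in names:
        for part in re.split(r"[\r\n]+", name):
            if not part:
                continue
            # A leading space keeps the line from looking like a reply code.
            out.append(" " + part if part[0].isdigit() else part)
    out.append(f"{CODE} End of status")
    return "\r\n".join(out) + "\r\n"


def ambiguous_lines(reply):
    """Interior lines that a line-oriented intermediary could take for a reply.

    Assumption: the intermediary treats CR, LF and CRLF all as line ends.
    """
    lines = [ln for ln in re.split(r"\r\n|\r|\n", reply) if ln]
    return [ln for ln in lines[1:-1] if ln[0].isdigit()]


if __name__ == "__main__":
    for build in (naive_stat_reply, quoted_stat_reply):
        print(build.__name__, ambiguous_lines(build(SAMPLE_NAMES)))
```

Running `ambiguous_lines` over replies captured from a server under test gives a quick regression check that digit-leading interior lines are always padded.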

Fix

Weakness Enumeration

Related identifiers

CVE-2002-2245

Affected products

Netbsd