PT-2023-29452 · Netbsd · Ftpd

Publicado

2023-10-05

Atualizado

2023-10-11

CVE-2023-45198

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ftpd versions prior to 20230930 tnftpd versions prior to 20231001

Description The issue allows information about the host filesystem to be leaked before authentication via an MLSD or MLST command.

Recommendations For ftpd versions prior to 20230930, update to NetBSD-ftpd 20230930 or later. For tnftpd versions prior to 20231001, update to version 20231001 or later. As a temporary workaround, consider restricting access to the MLSD and MLST commands until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-45198

Produtos afetados

Ftpd

PT-2023-29452 · Netbsd · Ftpd

CVE-2023-45198

Identificadores relacionados

Produtos afetados

Referências · 7