PT-2023-29452 · Netbsd · Ftpd

Published

2023-10-05

Updated

2023-10-11

CVE-2023-45198

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ftpd versions prior to 20230930 tnftpd versions prior to 20231001

Description The issue allows information about the host filesystem to be leaked before authentication via an MLSD or MLST command.

Recommendations For ftpd versions prior to 20230930, update to NetBSD-ftpd 20230930 or later. For tnftpd versions prior to 20231001, update to version 20231001 or later. As a temporary workaround, consider restricting access to the MLSD and MLST commands until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-45198

Affected Products

Ftpd

PT-2023-29452 · Netbsd · Ftpd

CVE-2023-45198

Related Identifiers

Affected Products

References · 7