ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-10-05
Updated
2023-10-11
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
Max CVSS
5.0
EPSS Score
0.08%
Published
2002-12-31
Updated
2008-09-05
2 vulnerabilities found