BlendIT BSD Cafe - NetBSD
stefano
•
10 months ago
•
100%
NetBSD Security Advisory 2023-007
A vulnerability in the NetBSD FTP server allows unauthenticated users to execute MLST and MLSD commands without authentication. This can lead to information leakage - unauthorized party may be able to download the listing of the current ftpd(8) directory. This vulnerability has been assigned CVE-2023-45198.
Additionally, potential buffer overflow in count_users() and reading outside of allocated memory issues due to wrong struct type used in the pam_set_item() call have been identified.
Comments 0