CVE-2023-45198

Severity

75%

Complexity

39%

Confidentiality

60%

ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Overview

First reported 1 year ago

2023-10-05 05:15:00

Last updated 1 year ago

2023-10-11 17:15:00

Affected Software

NetBSD ftpd

References

https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html

http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95

https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html

Mailing List, Vendor Advisory

http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.