BlendIT BSD Cafe - NetBSD
stefano
•
11mo ago
•
100%
NetBSD Security Advisory 2023-007
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2023-007.txt.ascA vulnerability in the NetBSD FTP server allows unauthenticated users to execute MLST and MLSD commands without authentication. This can lead to information leakage - unauthorized party may be able to download the listing of the current ftpd(8) directory. This vulnerability has been assigned CVE-2023-45198.
Additionally, potential buffer overflow in count_users() and reading outside of allocated memory issues due to wrong struct type used in the pam_set_item() call have been identified.
Comments 0