Headline
CVE-2023-45198: CVS commit: src/libexec/ftpd
ftpd before “NetBSD-ftpd 20230930” can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
- To: source-changes%NetBSD.org@localhost
- Subject: CVS commit: src/libexec/ftpd
- From: “Mateusz Kocielski” <shm%netbsd.org@localhost>
- Date: Fri, 22 Sep 2023 11:23:28 +0000
Module Name: src Committed By: shm Date: Fri Sep 22 11:23:28 UTC 2023
Modified Files: src/libexec/ftpd: ftpcmd.y
Log Message: Add missing check_login checks for MLST and MLSD
To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/libexec/ftpd/ftpcmd.y
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
- Prev by Date: CVS commit: src/usr.bin/make
- Next by Date: CVS commit: src/sys/dev/pci
- Previous by Thread: CVS commit: src/usr.bin/make
- Next by Thread: CVS commit: src/sys/dev/pci
- Indexes:
- reverse Date
- reverse Thread
- Old Index
Home | Main Index | Thread Index | Old Index