FTP Vulnerability in NetBSD Affects Multiple Versions
CVE-2002-2245

Currently unrated

Key Information:

Vendor: Netbsd
Status: Ftpd
Vendor: CVE Published:; 31 December 2002

What is CVE-2002-2245?

The ftpd service in NetBSD versions 1.5 to 1.6 is susceptible to a response manipulation issue. Specifically, when the STAT command is issued for a filename that includes a carriage return followed by a digit, the service fails to quote the digit properly. This flaw may lead to complications in tracking FTP sessions by firewalls and other intermediary devices, potentially allowing for unexpected behavior in network communications.

References

ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBS...

vendor-advisoryx_refsource_NETBSD

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2002

CVE-2002-2245 Data

JSON

Netbsd

What is CVE-2002-2245?

References

Timeline