CVE-2023-45198 Information

Description

ftpd before \NetBSD-ftpd 20230930\ can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.

Reference

https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95