Vulnerability Description
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netbsd | Ftpd | 1.5 |
Related Weaknesses (CWE)
References
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-027.txt.asc
- ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2002-027.txt.asc
FAQ
What is CVE-2002-2245?
CVE-2002-2245 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and...
How severe is CVE-2002-2245?
CVE-2002-2245 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2245?
Check the references section above for vendor advisories and patch information. Affected products include: Netbsd Ftpd.