NetBSD Information for VU#593299

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow



Vendor Statement

NetBSD has published an advisory about this issue at:


                 NetBSD Security Advisory 2000-018

Topic:          One-byte buffer overrun in ftpd
Version:        All official releases up to and including 1.5
Severity:       possible remote root compromise.
Fixed:          NetBSD-current: December 4, 2000
                NetBSD 1.4 branch: December 14, 2000
                NetBSD 1.5 branch: December 13, 2000

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Good signature made 2000-12-20 18:48 GMT by key:

  1024 bits, Key ID F8376205, Created 1997-07-01

If you have feedback, comments, or additional information about this vulnerability, please send us email.