- Description
- ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:alpha:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FA1C84C-6624-4032-8D0E-5EBB054F5224"
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:arm32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06B9ADAD-ADDC-47AC-9924-B31B17DDF163"
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:sparc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DC0D30E-DBF1-4FDB-80C0-80DB50D9E77A"
},
{
"criteria": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:x86:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "537FD523-1D44-4D85-AED1-C092E0155CF2"
}
],
"operator": "OR"
}
]
}
]