Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for tnftpd by netbsd

    VAR-201510-0081

    Vulnerability from variot - Updated: 2025-04-13 21:47

    The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. tnftpd (formerly lukemftpd) is a port of the NetBSD FTP server for other systems that provides functional enhancements to the traditional BSD ftpd

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0081",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tnftpd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netbsd",
            "version": "*"
          },
          {
            "model": "tnftpd",
            "scope": null,
            "trust": 0.8,
            "vendor": "tnftpd",
            "version": null
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apple",
            "version": "10.6.8 thats all  10.11"
          },
          {
            "model": "tnftpd",
            "scope": null,
            "trust": 0.6,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "76908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:luke_mewburn:tnftpd",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of",
        "sources": [
          {
            "db": "BID",
            "id": "76908"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-5917",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-5917",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-83878",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-5917",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-5917",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-117",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-83878",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-5917",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nThese issues affect OS X prior to 10.11. tnftpd (formerly lukemftpd) is a port of the NetBSD FTP server for other systems that provides functional enhancements to the traditional BSD ftpd",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "BID",
            "id": "76908"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5917"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-5917",
            "trust": 2.9
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2013040082",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "76908",
            "trust": 1.5
          },
          {
            "db": "SECTRACK",
            "id": "1033703",
            "trust": 1.2
          },
          {
            "db": "JVN",
            "id": "JVNVU97220341",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-83878",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5917",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "db": "BID",
            "id": "76908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "id": "VAR-201510-0081",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T21:47:10.355000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Apple security updates",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT201222"
          },
          {
            "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "title": "HT205267",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/HT205267"
          },
          {
            "title": "HT205267",
            "trust": 0.8,
            "url": "http://support.apple.com/ja-jp/HT205267"
          },
          {
            "title": "tnftp",
            "trust": 0.8,
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/"
          },
          {
            "title": "Apple: OS X El Capitan v10.11",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/ht205267"
          },
          {
            "trust": 1.8,
            "url": "https://cxsecurity.com/issue/wlb-2013040082"
          },
          {
            "trust": 1.8,
            "url": "https://www.youtube.com/watch?v=mbk4qykum10"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/76908"
          },
          {
            "trust": 1.2,
            "url": "http://www.securitytracker.com/id/1033703"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5917"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5917"
          },
          {
            "trust": 0.3,
            "url": "https://www.apple.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/macosx/"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht205267"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht205267"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "db": "BID",
            "id": "76908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "db": "BID",
            "id": "76908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "date": "2015-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "BID",
            "id": "76908"
          },
          {
            "date": "2015-10-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "date": "2015-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "date": "2015-10-09T05:59:35.357000",
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83878"
          },
          {
            "date": "2016-12-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-5917"
          },
          {
            "date": "2015-12-08T22:02:00",
            "db": "BID",
            "id": "76908"
          },
          {
            "date": "2015-10-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          },
          {
            "date": "2015-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-5917"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apple OS X Used in  tnftpd of  glob Service disruption in implementations  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-005166"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-117"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-45198 (GCVE-0-2023-45198)

    Vulnerability from nvd – Published: 2023-10-05 00:00 – Updated: 2024-09-19 17:42
    VLAI
    Summary
    ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94\u0026r2=1.95"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T17:40:07.774862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T17:42:09.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ftpd before \"NetBSD-ftpd 20230930\" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T04:04:21.096Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html"
            },
            {
              "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94\u0026r2=1.95"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-45198",
        "datePublished": "2023-10-05T00:00:00.000Z",
        "dateReserved": "2023-10-05T00:00:00.000Z",
        "dateUpdated": "2024-09-19T17:42:09.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5917 (GCVE-0-2015-5917)

    Vulnerability from nvd – Published: 2015-10-09 01:00 – Updated: 2024-08-06 07:06
    VLAI
    Summary
    The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:06:34.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1033703",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033703"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2013040082"
              },
              {
                "name": "APPLE-SA-2015-09-30-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT205267"
              },
              {
                "name": "76908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76908"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T18:57:01.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "1033703",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033703"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2013040082"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "76908",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76908"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2015-5917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1033703",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033703"
                },
                {
                  "name": "https://www.youtube.com/watch?v=MBK4QYkUm10",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
                },
                {
                  "name": "https://cxsecurity.com/issue/WLB-2013040082",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/issue/WLB-2013040082"
                },
                {
                  "name": "APPLE-SA-2015-09-30-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
                },
                {
                  "name": "https://support.apple.com/HT205267",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT205267"
                },
                {
                  "name": "76908",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76908"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2015-5917",
        "datePublished": "2015-10-09T01:00:00.000Z",
        "dateReserved": "2015-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:06:34.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45198 (GCVE-0-2023-45198)

    Vulnerability from cvelistv5 – Published: 2023-10-05 00:00 – Updated: 2024-09-19 17:42
    VLAI
    Summary
    ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94\u0026r2=1.95"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45198",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T17:40:07.774862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T17:42:09.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ftpd before \"NetBSD-ftpd 20230930\" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T04:04:21.096Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html"
            },
            {
              "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94\u0026r2=1.95"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-45198",
        "datePublished": "2023-10-05T00:00:00.000Z",
        "dateReserved": "2023-10-05T00:00:00.000Z",
        "dateUpdated": "2024-09-19T17:42:09.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5917 (GCVE-0-2015-5917)

    Vulnerability from cvelistv5 – Published: 2015-10-09 01:00 – Updated: 2024-08-06 07:06
    VLAI
    Summary
    The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:06:34.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1033703",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033703"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/issue/WLB-2013040082"
              },
              {
                "name": "APPLE-SA-2015-09-30-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT205267"
              },
              {
                "name": "76908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/76908"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T18:57:01.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "1033703",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033703"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2013040082"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "76908",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/76908"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2015-5917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1033703",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033703"
                },
                {
                  "name": "https://www.youtube.com/watch?v=MBK4QYkUm10",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=MBK4QYkUm10"
                },
                {
                  "name": "https://cxsecurity.com/issue/WLB-2013040082",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/issue/WLB-2013040082"
                },
                {
                  "name": "APPLE-SA-2015-09-30-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
                },
                {
                  "name": "https://support.apple.com/HT205267",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT205267"
                },
                {
                  "name": "76908",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/76908"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2015-5917",
        "datePublished": "2015-10-09T01:00:00.000Z",
        "dateReserved": "2015-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:06:34.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }