[原文]ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
NetBSD ftpd STAT Command Firewall State Table Corruption DoS
Remote / Network Access
Denial of Service,
Loss of Integrity,
Loss of Availability
NetBSD contains a flaw that may allow a malicious attacker to corrupt state tables in intermediate firewall devices via the STAT command in ftpd. The issue is triggered when a filename that contains "\n[0-9]" is specified. It is possible that the flaw may result in a loss of integrity and/or availability.
Upgrade to version 1.6.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: update the source in libexec/ftp using CVS and compile a new ftpd binary.