In the library function realpath(3), there was a string manipulation mistake which could lead to 1-byte buffer overrun. realpath(3) is being used by important network daemons such as ftpd(8), therefore the vulnerability could be remotely exploitable. Note: The same error remained in a derived function in the distribution of the wu-ftpd server (Not part of NetBSD's base system). This information has been available to the general public for a matter of days now. Exploits have been released against wu-ftpd. Homepage added by Radost