Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.0
CVE Id CVE-2003-0831
Last Modified 10 Sep 2008 12:00:00
Published 17 Nov 2003 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2003-0831

Summary

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

Vulnerable Systems

Application

  • Proftpd Project Proftpd 1.2.7

  • Proftpd Project Proftpd 1.2.7 Rc1

  • Proftpd Project Proftpd 1.2.7 Rc2

  • Proftpd Project Proftpd 1.2.7 Rc3

  • Proftpd Project Proftpd 1.2.8

  • Proftpd Project Proftpd 1.2.8 Rc1

  • Proftpd Project Proftpd 1.2.8 Rc2

  • Proftpd Project Proftpd 1.2.9 Rc1

  • Proftpd Project Proftpd 1.2.9 Rc2


References

CERT-VN - VU#405348

BUGTRAQ - 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)

XF - proftpd-ascii-xfer-newline-bo(12200)

ISS - 20030923 ProFTPD ASCII File Remote Compromise Vulnerability

MANDRAKE - MDKSA-2003:095

SECUNIA - 9829

BUGTRAQ - 20031013 Remote root exploit for proftpd \n bug

FULLDISC - 20031014 Another ProFTPd root EXPLOIT ?


Last Updated: 27 May 2016 10:38:04