Vulnerability in N/a
CVE-2003-0831
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
EPSS: 0.551 (98.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20031013 Remote root exploit for proftpd \n bug (mailing-list, x_refsource_BUGTRAQ)
- 20030923 ProFTPD ASCII File Remote Compromise Vulnerability (x_refsource_ISS, third-party-advisory)
- VU#405348 (x_refsource_CERT-VN, third-party-advisory)
- proftpd-ascii-xfer-newline-bo(12200) (vdb-entry, x_refsource_XF)
- 107 (exploit, x_refsource_EXPLOIT-DB)
- 20031014 Another ProFTPd root EXPLOIT ? (mailing-list, x_refsource_FULLDISC)
- 9829 (x_refsource_SECUNIA, third-party-advisory)
- 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02) (mailing-list, x_refsource_BUGTRAQ)
- MDKSA-2003:095 (vendor-advisory, x_refsource_MANDRAKE)