FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2003-0831

This CVE name corresponds to:

Entered     Topic
2004-01-05  ProFTPD ASCII translation bug resulting in remote root compromise

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2003-0831
Phase  Assigned(20030924)

Description

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

References

Source    Reference
ISS       20030923 ProFTPD ASCII File Remote Compromise Vulnerability
BUGTRAQ   20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)
BUGTRAQ   20031013 Remote root exploit for proftpd \n bug
FULLDISC  20031014 Another ProFTPd root EXPLOIT ?
MANDRAKE  MDKSA-2003:095
CERT-VN   VU#405348
SECUNIA   9829
XF        proftpd-ascii-xfer-newline-bo(12200)