Published: 17/11/2003 Updated: 05/10/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 915
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote malicious users to execute arbitrary code via a buffer overflow using certain files.

Affected Products

Vendor Product Versions
Proftpd ProjectProftpd1.2.7, 1.2.7 Rc1, 1.2.7 Rc2, 1.2.7 Rc3, 1.2.8, 1.2.8 Rc1, 1.2.8 Rc2, 1.2.9 Rc1, 1.2.9 Rc2


/* ProFTPd 127 - 129rc2 remote r00t exploit -------------------------------------------- By Haggis This exploit builds on the work of bkbll to create a working, brute-force remote exploit for the \n procesing bug in ProFTPd Tested on SuSE 80, 81 and RedHat 72/80 it works quite well the RedHat boxes worked on stack addresses in the 0xb ...
source: wwwsecurityfocuscom/bid/8679/info A remotely exploitable buffer overrun vulnerability has been reported in ProFTPD This issue could be triggered if an attacker uploads a malformed file and then that file is downloaded in ASCII mode Successful exploitation will permit a malicious FTP user with upload access to execute arbitrary c ...
/* proftpd 127/129rc2 remote root exploit by bkbll (bkbll#cnhonkernet, 2003/10/1) * for FTP_ProFTPD_Translate_Overflow found by X-force * happy birthday, China * this code is dirty, there are more beautiful exploits of proftpd for this vuln in the world * this code want to provied u a method, not finally exploit * using overflow _xlate_asc ...