
CVE-2003-0831

Published: 17/11/2003 Updated: 05/10/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 915
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

ProFTPD 1.2.7 up to and including 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote malicious users to execute arbitrary code via a buffer overflow using certain files.

Vulnerable Product

proftpd project proftpd 1.2.7

proftpd project proftpd 1.2.9_rc2

proftpd project proftpd 1.2.8_rc2

proftpd project proftpd 1.2.9_rc1

proftpd project proftpd 1.2.7_rc1

proftpd project proftpd 1.2.7_rc2

proftpd project proftpd 1.2.7_rc3

proftpd project proftpd 1.2.8

proftpd project proftpd 1.2.8_rc1

Exploits

/* proftpd 1.2.7/1.2.9rc2 remote root exploit by bkbll (bkbll#cnhonker.net, 2003/10/1) * for FTP_ProFTPD_Translate_Overflow found by X-force * happy birthday, China * this code is dirty, there are more beautiful exploits of proftpd for this vuln in the world * this code want to provide u a method, not finally exploit * using overflow _xlate_asc ...

source: www.securityfocus.com/bid/8679/info A remotely exploitable buffer overrun vulnerability has been reported in ProFTPD. This issue could be triggered if an attacker uploads a malformed file and then that file is downloaded in ASCII mode. Successful exploitation will permit a malicious FTP user with upload access to execute arbitrary c ...

/* ProFTPd 1.2.7 - 1.2.9rc2 remote r00t exploit. By Haggis. This exploit builds on the work of bkbll to create a working, brute-force remote exploit for the \n processing bug in ProFTPd. Tested on SuSE 8.0, 8.1 and RedHat 7.2/8.0 it works quite well the RedHat boxes worked on stack addresses in the 0xb ...