Vulnerability Details CVE-2003-0831
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.397
EPSS Ranking 97.2%
CVSS Severity
CVSS v2 Score 9.0
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
- http://marc.info/?l=bugtraq&m=106441655617816&w=2
- http://marc.info/?l=bugtraq&m=106606885611269&w=2
- http://secunia.com/advisories/9829
- http://www.kb.cert.org/vuls/id/405348
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
- http://xforce.iss.net/xforce/alerts/id/154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12200
- https://www.exploit-db.com/exploits/107/
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
- http://marc.info/?l=bugtraq&m=106441655617816&w=2
- http://marc.info/?l=bugtraq&m=106606885611269&w=2
- http://secunia.com/advisories/9829
- http://www.kb.cert.org/vuls/id/405348
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
- http://xforce.iss.net/xforce/alerts/id/154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12200
- https://www.exploit-db.com/exploits/107/
Products affected by CVE-2003-0831
-
cpe:2.3:a:proftpd_project:proftpd:1.2.7
-
cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1
-
cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2
-
cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3
-
cpe:2.3:a:proftpd_project:proftpd:1.2.8
-
cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1
-
cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2
-
cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1
-
cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2