Vulnerability Description
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
CVSS Score
9.0
HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proftpd Project | Proftpd | 1.2.7 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
- http://marc.info/?l=bugtraq&m=106441655617816&w=2
- http://marc.info/?l=bugtraq&m=106606885611269&w=2
- http://secunia.com/advisories/9829
- http://www.kb.cert.org/vuls/id/405348US Government Resource
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
- http://xforce.iss.net/xforce/alerts/id/154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12200
- https://www.exploit-db.com/exploits/107/
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html
- http://marc.info/?l=bugtraq&m=106441655617816&w=2
- http://marc.info/?l=bugtraq&m=106606885611269&w=2
- http://secunia.com/advisories/9829
- http://www.kb.cert.org/vuls/id/405348US Government Resource
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
FAQ
What is CVE-2003-0831?
CVE-2003-0831 is a vulnerability with a CVSS score of 9.0 (HIGH). ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using...
How severe is CVE-2003-0831?
CVE-2003-0831 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0831?
Check the references section above for vendor advisories and patch information. Affected products include: Proftpd Project Proftpd.