FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ProFTPD ASCII translation bug resulting in remote root compromise

Affected packages
proftpd < 1.2.8_1

Details

VuXML ID cf0fb426-3f96-11d8-b096-0020ed76ef5a
Discovery 2003-09-23
Entry 2004-01-05

A buffer overflow exists in the ProFTPD code that handles translation of newline characters during ASCII-mode file uploads. An attacker may exploit this buffer overflow by uploading a specially crafted file, resulting in code execution and ultimately a remote root compromise.

References

CVE Name CVE-2003-0831
URL http://xforce.iss.net/xforce/alerts/id/154