CVE-2003-0831

ProFTPD <1.2.9rc2 - Buffer Overflow

Title source: llm

Description

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Haggis · cremotelinux

https://www.exploit-db.com/exploits/110

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by bkbll · cremotelinux

https://www.exploit-db.com/exploits/107

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by netris · cdoslinux

https://www.exploit-db.com/exploits/23170

View Code ZIP pw:eip

References (9)

[Various Sources] http://xforce.iss.net/xforce/alerts/id/154

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/12200

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/107/

[Mailing List] http://marc.info/?l=bugtraq&m=106606885611269&w=2

[US Government Resource] http://www.kb.cert.org/vuls/id/405348

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html

[Third Party Advisory] http://secunia.com/advisories/9829

[Mailing List] http://marc.info/?l=bugtraq&m=106441655617816&w=2

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2003:095

Scores

EPSS 0.4088

EPSS Percentile 97.4%

Details

CWE

CWE-119

Status published

Products (9)

proftpd_project/proftpd 1.2.7

proftpd_project/proftpd 1.2.7_rc1

proftpd_project/proftpd 1.2.7_rc2

proftpd_project/proftpd 1.2.7_rc3

proftpd_project/proftpd 1.2.8

proftpd_project/proftpd 1.2.8_rc1

proftpd_project/proftpd 1.2.8_rc2

proftpd_project/proftpd 1.2.9_rc1

proftpd_project/proftpd 1.2.9_rc2

Published Nov 17, 2003

Tracked Since Feb 18, 2026