[VIM] ProFTPD and CVE-2003-0831
security curmudgeon
jericho at attrition.org
Tue May 15 01:11:41 UTC 2007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0831

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline
characters when transferring files in ASCII mode, which allows remote
attackers to execute arbitrary code via a buffer overflow using certain
files.

This seems like: http://bugs.proftpd.org/show_bug.cgi?id=2147

If so, bottom of that bug report says it is patched in 1.2.9rc2, which
would contradict the ISS report. The report eventually says it isn't an
overflow, rather a NULL pointer dereference though. The person who found
it does say "It may be exploitable."

The changelog doesn't have anything that stands out to me corresponding
with CVE-2003-0831.

Thoughts?