[VIM] ProFTPD and CVE-2003-0831

security curmudgeon jericho at attrition.org
Tue May 15 01:11:41 UTC 2007


http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0831

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline 
characters when transferring files in ASCII mode, which allows remote 
attackers to execute arbitrary code via a buffer overflow using certain 
files.


This seems like: http://bugs.proftpd.org/show_bug.cgi?id=2147

If so, bottom of that bug report says it is patched in 1.2.9rc2, which 
would contradict the ISS report. The report eventually says it isn't an 
overflow, rather a NULL pointer dereference though. The person who found 
it does say "It may be exploitable."

The changelog doesn't have anything that stands out to me corresponding 
with CVE-2003-0831.

Thoughts?



