[VIM] ProFTPD and CVE-2003-0831

security curmudgeon jericho at attrition.org
Tue May 15 01:11:41 UTC 2007


ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline 
characters when transferring files in ASCII mode, which allows remote 
attackers to execute arbitrary code via a buffer overflow using certain 

This seems like: http://bugs.proftpd.org/show_bug.cgi?id=2147

If so, bottom of that bug report says it is patched in 1.2.9rc2, which 
would contradict the ISS report. The report eventually says it isn't an 
overflow, rather a NULL pointer dereference though. The person who found 
it does say "It may be exploitable."

The changelog doesn't have anything that stands out to me corresponding 
with CVE-2003-0831.

