Vulnerability Details
ProFTPD ASCII File Transfer Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200311-044
- Severity: Critical
- CVE ID: CVE-2003-0831
- Vulnerability type: Buffer overflow
- Published: 2003-11-17
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: proftpd_project
- Vulnerability source: Discovery is credi…
Vulnerability Summary
ProFTPD 1.2.7 through 1.2.9rc2 does not correctly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow triggered by certain files.
Vulnerability Bulletin
The vendor has stated that patched versions of ProFTPD 1.2.7 through 1.2.9rc2 have been made available. These patched versions can be obtained from the vendor through various mirrors and are denoted with a ‘p’ after the version number, for example:
proftpd-1.2.7p.tar.gz
Sun has released a security update to address this issue in the RaQ XTR. Please see the references section for further details. A fix is linked below.
Slackware has released fixes to address this issue.
OpenPKG updates are available. See advisory OpenPKG-SA-2003.043.
Mandrake has issued fixes listed in advisory MDKSA-2003:095. UPDATE: On Dec 31, 2003 Mandrake released new fixes correcting a bug in the patched version of ProFTPD.
Trustix has issued fixes for Trustix Secure Linux. See advisory TSLSA-2003-0037 in the reference section.
Gentoo has released advisory 200309-16 and fix information to address this issue. Please see the referenced advisory for more information.
Conectiva has released advisory CLA-2003:750 to address this issue.
Turbolinux has released an advisory TLSA-2003-54 and fix information to address this issue. Please see the referenced advisory for more information.
ProFTPD versions 1.2.9 and 1.2.9rc3 have been released which are not prone to this issue. Users are advised to obtain the fixes.
Sun has released a fix for the Qube3.
Sun Cobalt RaQ XTR
- Sun RaQXTR-All-Security-1.0.2-16623.pkg: http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security-1.0.2-16623.pkg

ProFTPD Project ProFTPD 1.2.7
- Conectiva proftpd-1.2.7-27285U90_2cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/9/RPMS/proftpd-1.2.7-27285U90_2cl.i386.rpm
- Conectiva proftpd-doc-1.2.7-27285U90_2cl.i386.rpm: ftp://atualizacoes.conectiva.com.br/9/RPMS/proftpd-doc-1.2.7-27285U90_2cl.i386.rpm
- Mandrake proftpd-1.2.8-1.1.91mdk.i586.rpm (Mandrake Linux 9.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake proftpd-1.2.8-1.1.91mdk.ppc.rpm (Mandrake Linux 9.1/PPC): http://www.mandrakesecure.net/en/ftp.php
- Mandrake proftpd-anonymous-1.2.8-1.1.91mdk.i586.rpm (Mandrake Linux 9.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake proftpd-anonymous-1.2.8-1.1.91mdk.ppc.rpm (Mandrake Linux 9.1/PPC): http://www.mandrakesecure.net/en/ftp.php
- ProFTPD Project ProFTPD 1.2.9: http://proftpd.linux.co.uk/download.html
- Sun Qube3-All-Security-4.0.2-16623.pkg: http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0.2-16623.pkg

ProFTPD Project ProFTPD 1.2.7 rc2
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html

ProFTPD Project ProFTPD 1.2.7 rc3
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html

ProFTPD Project ProFTPD 1.2.7 rc1
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html

ProFTPD Project ProFTPD 1.2.8
- Mandrake proftpd-1.2.8-5.1.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
- Mandrake proftpd-anonymous-1.2.8-5.1.92mdk.i586.rpm (Mandrake Linux 9.2): http://www.mandrakesecure.net/en/ftp.php
- ProFTPD Project ProFTPD 1.2.9: http://proftpd.linux.co.uk/download.html
- Slackware proftpd-1.2.8p-i386-1.tgz (Slackware 8.1): ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/proftpd-1.2.8p-i386-1.tgz
- Slackware proftpd-1.2.8p-i386-1.tgz (Slackware 9.0): ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/proftpd-1.2.8p-i386-1.tgz
- Slackware proftpd-1.2.8p-i486-1.tgz (Slackware current): ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.2.8p-i486-1.tgz

ProFTPD Project ProFTPD 1.2.8 rc1
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html

ProFTPD Project ProFTPD 1.2.8 rc2
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html

ProFTPD Project ProFTPD 1.2.9 rc1
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html

ProFTPD Project ProFTPD 1.2.9 rc2
- ProFTPD Project ProFTPD 1.2.9rc3: http://proftpd.linux.co.uk/download.html
References
- Source: US-CERT Vulnerability Note: VU#405348
  Name: VU#405348
  Link: http://www.kb.cert.org/vuls/id/405348
- Source: BUGTRAQ
  Name: 20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)
  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106441655617816&w=2
- Source: XF
  Name: proftpd-ascii-xfer-newline-bo(12200)
  Link: http://xforce.iss.net/xforce/xfdb/12200
- Source: ISS
  Name: 20030923 ProFTPD ASCII File Remote Compromise Vulnerability
  Link: http://xforce.iss.net/xforce/alerts/id/154
- Source: MANDRAKE
  Name: MDKSA-2003:095
  Link: http://www.mandriva.com/security/advisories?name=MDKSA-2003:095
- Source: SECUNIA
  Name: 9829
  Link: http://secunia.com/advisories/9829
- Source: BUGTRAQ
  Name: 20031013 Remote root exploit for proftpd \n bug
  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106606885611269&w=2
- Source: FULLDISC
  Name: 20031014 Another ProFTPd root EXPLOIT ?
  Link: http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html