Vulnerability CVE-2003-0831 - CERT Civis.Net

Vulnerability Name:

CVE-2003-0831 (CCN-12200)

Assigned:

2003-09-23

Published:

2003-09-23

Updated:

2017-10-05

Summary:

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2003-0831

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:750
proftpd

Source: FULLDISC
Type: UNKNOWN
20031014 Another ProFTPd root EXPLOIT ?

Source: CCN
Type: Trustix Security Advisory #2003-0037
proftpd

Source: BUGTRAQ
Type: UNKNOWN
20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)

Source: BUGTRAQ
Type: UNKNOWN
20031013 Remote root exploit for proftpd \n bug

Source: CCN
Type: ProFTPD Web site
The ProFTPD Project

Source: CCN
Type: SA9829
ProFTPD ASCII Mode File Transfer Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
9829

Source: CCN
Type: CIAC Information Bulletin N-156
ProFTPD ASCII File Remote Compromise Vulnerability

Source: CCN
Type: US-CERT VU#405348
ProFTPD fails to properly handle newline characters when transferring files in ASCII mode

Source: CERT-VN
Type: US Government Resource
VU#405348

Source: CCN
Type: Gentoo Linux Security Announcement 200309-16
net-ftp/proftpd

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:095

Source: CCN
Type: OpenPKG-SA-2003.043
ProFTPD

Source: CCN
Type: OSVDB ID: 10769
ProFTPD File Transfer Newline Character Overflow

Source: CCN
Type: SecuriTeam Mailing List, Security Holes & Exploits 14 Oct 2003
ProFTPD ASCII File Remote Root Exploit (Breaks Chroot)

Source: CCN
Type: BID-8679
ProFTPD ASCII File Transfer Buffer Overrun Vulnerability

Source: CCN
Type: slackware-security Mailing List, Tue, 23 Sep 2003 23:06:38 -0700 (PDT)
ProFTPD Security Advisory (SSA:2003-259-02)

Source: CCN
Type: TLSA-2003-54
ASCII File Remote Compromise Vulnerability

Source: CCN
Type: Internet Security Systems Security Advisory, September 23, 2003
ProFTPD ASCII File Remote Compromise Vulnerability

Source: ISS
Type: UNKNOWN
20030923 ProFTPD ASCII File Remote Compromise Vulnerability

Source: XF
Type: UNKNOWN
proftpd-ascii-xfer-newline-bo(12200)

Source: XF
Type: UNKNOWN
proftpd-ascii-xfer-newline-bo(12200)

Source: EXPLOIT-DB
Type: UNKNOWN
107

Source: SUSE
Type: SUSE-SA:2003:041
lsh: remote code execution

Vulnerable Configuration:

Configuration 1:

cpe:/a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*

OR cpe:/a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:proftpd:proftpd:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.8:rc1:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.8:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.9:rc1:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.9:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.7:rc3:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.7:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.2.7:rc1:*:*:*:*:*:*

AND

cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:*

OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

Denotes that component is vulnerable