Vulnerabilities > CVE-2003-0831 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Proftpd Project Proftpd

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
proftpd-project
CWE-119
nessus
exploit available
NVD
Published: 2003-11-17
Updated: 2017-10-05

Summary

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

Vulnerable Configurations

Part Description Count
Application
Proftpd_Project
9

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

  • descriptionProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit. CVE-2003-0831. Remote exploit for linux platform
    idEDB-ID:110
    last seen2016-01-31
    modified2003-10-13
    published2003-10-13
    reporterHaggis
    sourcehttps://www.exploit-db.com/download/110/
    titleProFTPD 1.2.7 - 1.2.9rc2 - Remote Root & brute-force Exploit
  • descriptionProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability. CVE-2003-0831. Dos exploit for linux platform
    idEDB-ID:23170
    last seen2016-02-02
    modified2003-09-23
    published2003-09-23
    reporternetris
    sourcehttps://www.exploit-db.com/download/23170/
    titleProFTPD 1.2.7/1.2.8 - ASCII File Transfer Buffer Overrun Vulnerability
  • descriptionProFTPD 1.2.9rc2 ASCII File Remote Root Exploit. CVE-2003-0831. Remote exploit for linux platform
    fileexploits/linux/remote/107.c
    idEDB-ID:107
    last seen2016-01-31
    modified2003-10-04
    platformlinux
    port21
    published2003-10-04
    reporterbkbll
    sourcehttps://www.exploit-db.com/download/107/
    titleProFTPD 1.2.9rc2 - ASCII File Remote Root Exploit
    typeremote

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PROFTPD_128_1.NASL
    descriptionThe following package needs to be updated: proftpd
    last seen2016-09-26
    modified2011-10-03
    plugin id12605
    published2004-07-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=12605
    titleFreeBSD : ProFTPD ASCII translation bug resulting in remote root compromise (156)
    code
    #%NASL_MIN_LEVEL 999999

# @DEPRECATED@
#
# This script has been deprecated by freebsd_pkg_cf0fb4263f9611d8b0960020ed76ef5a.nasl.
#
# Disabled on 2011/10/02.
#

#
# (C) Tenable Network Security, Inc.
#
# This script contains information extracted from VuXML :
#
# Copyright 2003-2006 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#   copyright notice, this list of conditions and the following
#   disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#   published online in any format, converted to PDF, PostScript,
#   RTF and other formats) must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer
#   in the documentation and/or other materials provided with the
#   distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#

include('compat.inc');

if ( description )
{
 script_id(12605);
 script_version("1.10");
 script_cve_id("CVE-2003-0831");

 script_name(english:"FreeBSD : ProFTPD ASCII translation bug resulting in remote root compromise (156)");

script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
script_set_attribute(attribute:'description', value:'The following package needs to be updated: proftpd');
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_cwe_id(119);
script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
script_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46
http://secunia.com/advisories/11185
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://security.e-matters.de/advisories/032004.html
http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
http://www.mozilla.org/security/announce/mfsa2005-34.html
http://xforce.iss.net/xforce/alerts/id/154
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
https://bugzilla.mozilla.org/show_bug.cgi?id=273699
https://bugzilla.mozilla.org/show_bug.cgi?id=288556');
script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/cf0fb426-3f96-11d8-b096-0020ed76ef5a.html');

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
 script_cvs_date("Date: 2018/07/20  0:18:52");
 script_end_attributes();
 script_summary(english:"Check for proftpd");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 family["english"] = "FreeBSD Local Security Checks";
 script_family(english:family["english"]);
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/FreeBSD/pkg_info");
 exit(0);
}

# Deprecated.
exit(0, "This plugin has been deprecated. Refer to plugin #37015 (freebsd_pkg_cf0fb4263f9611d8b0960020ed76ef5a.nasl) instead.");

global_var cvss_score;
cvss_score=7;
include('freebsd_package.inc');


pkg_test(pkg:"proftpd<1.2.8_1");
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CF0FB4263F9611D8B0960020ED76EF5A.NASL
    descriptionA buffer overflow exists in the ProFTPD code that handles translation of newline characters during ASCII-mode file uploads. An attacker may exploit this buffer overflow by uploading a specially crafted file, resulting in code execution and ultimately a remote root compromise.
    last seen2020-06-01
    modified2020-06-02
    plugin id37015
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37015
    titleFreeBSD : ProFTPD ASCII translation bug resulting in remote root compromise (cf0fb426-3f96-11d8-b096-0020ed76ef5a)
  • NASL familyFTP
    NASL idPROFTPD_ASCII_OVERFLOW.NASL
    descriptionThe remote host is running a version of ProFTPD which seems to be vulnerable to a buffer overflow when a user downloads a malformed ASCII file. An attacker with upload privileges on this host may abuse this flaw to gain a root shell on this host. *** The author of ProFTPD did not increase the version number *** of his product when fixing this issue, so it might be false *** positive.
    last seen2020-06-01
    modified2020-06-02
    plugin id11849
    published2003-09-23
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11849
    titleProFTPD File Transfer Newline Character Overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-095.NASL
    descriptionA vulnerability was discovered by X-Force Research at ISS in ProFTPD
    last seen2020-06-01
    modified2020-06-02
    plugin id14077
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14077
    titleMandrake Linux Security Advisory : proftpd (MDKSA-2003:095-1)

References