PT-2004-1500 · Proftpd · Proftpd

Published: 2004-03-18 · Updated: 2024-02-02 · CVE-2004-0346

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ProFTPD versions 1.2.7 through 1.2.9rc2

Description: The issue is caused by an off-by-one buffer overflow in the xlate_ascii_write() function. A remote attacker can exploit it by issuing a specially crafted RETR command containing 1023 bytes or more that begins with a Line Feed (LF) character, overflowing a buffer and executing arbitrary code on the system with the privileges of ProFTPD.

Recommendations: For ProFTPD versions 1.2.7 through 1.2.9rc2, update to version 1.2.9rc3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RETR command until a patch is available.

Related Identifiers: CVE-2004-0346

Affected Products: Proftpd