CVE Vulnerabilities

CVE-2004-1294

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

Affected Software

Name Vendor Start Version End Version
Tnftp Luke_mewburn 2003-08-25 2003-08-25
Tnftp Ubuntu dapper *
Tnftp Ubuntu devel *
Tnftp Ubuntu edgy *
Tnftp Ubuntu feisty *
Tnftp Ubuntu gutsy *
Tnftp Ubuntu hardy *
Tnftp Ubuntu intrepid *
Tnftp Ubuntu jaunty *
Tnftp Ubuntu karmic *

References