Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mtftpd | Yepyep | 0.1a (including) | 0.1a (including) |
| Mtftpd | Yepyep | 0.2 (including) | 0.2 (including) |
| Mtftpd | Yepyep | 0.3 (including) | 0.3 (including) |
References
- http://unl0ck.org/files/papers/mtftpd.txt
- http://www.securiteam.com/exploits/5KP0W0AF5K.html
- http://www.securityfocus.com/bid/12947
- http://www.tripbit.org/advisories/TA-040305.txt
- http://unl0ck.org/files/papers/mtftpd.txt
- http://www.securiteam.com/exploits/5KP0W0AF5K.html
- http://www.securityfocus.com/bid/12947
- http://www.tripbit.org/advisories/TA-040305.txt