FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Arbitrary code execution via a format string vulnerability in jftpgw

Affected packages
jftpgw < 0.13.5

Details

VuXML ID 65a17a3f-ed6e-11d8-aff1-00061bc2ad93
Discovery 2004-05-30
Entry 2004-08-13
Modified 2004-08-23

The log functions in jftpgw may allow remotely authenticated user to execute arbitrary code via the format string specifiers in certain syslog messages.

References

Bugtraq ID 10438
CVE Name CVE-2004-0448
URL http://www.debian.org/security/2004/dsa-510
URL http://xforce.iss.net/xforce/xfdb/16271

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.