ProFTPD off-by-one _xlate_ascii_write function buffer overflow

proftpd-offbyone-bo (15387) The risk level is classified as HighHigh Risk


ProFTPD is vulnerable to a buffer overflow, caused by off-by-one errors in the _xlate_ascii_write function. By issuing a specially-crafted RETR command containing 1023 bytes or more that begins with a LF (Line Feed) character, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of ProFTPD.


Gain Access


Upgrade to the latest version of ProFTPD (1.2.9rc3 or later), available from the ProFTPD Web site. See References.


  • ProFTPD Web site: The ProFTPD Project: Downloading and mirror sites.
  • BID-9782: ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
  • CVE-2004-0346: Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
  • OSVDB ID: 4134: ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow

Platforms Affected:

  • ProFTPD ProFTPD 1.2.7
  • ProFTPD ProFTPD 1.2.8
  • ProFTPD ProFTPD 1.2.9 rc1
  • ProFTPD ProFTPD 1.2.9 rc2
  • Turbolinux Turbolinux 7 Server
  • Turbolinux Turbolinux 7 Workstation
  • Turbolinux Turbolinux 8 Server
  • Turbolinux Turbolinux 8 Workstation
  • Turbolinux Turbolinux Appliance Server 1.0 Workgroup Ed


Mar 04, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page