CVE-2004-1294

NameCVE-2004-1294
DescriptionThe mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs285902

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tnftp (PTS)bullseye20200705-2fixed
bookworm20210827-4fixed
sid, trixie20230507-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tnftpsource(unstable)20050625-0.1medium285902

Search for package or bug name: Reporting problems