Skip to main content

CVE-2004-2523

Severity Medium
Score 6.5/10

Summary

Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.

  • LOW
  • NETWORK
  • SINGLE
  • PARTIAL
  • PARTIAL
  • PARTIAL

References

Advisory Timeline

  • Published