CVE-2004-1294

Publication date 10 January 2005

Last updated 24 July 2024

Ubuntu priority

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
tnftp	9.10 karmic	Fixed 20050625-0.2
	9.04 jaunty	Fixed 20050625-0.2
	8.10 intrepid	Fixed 20050625-0.2
	8.04 LTS hardy	Fixed 20050625-0.2
	7.10 gutsy	Fixed 20050625-0.2
	7.04 feisty	Fixed 20050625-0.2
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-1294