CVE-2005-0958 Information

Description

Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3 when the statistics option is enabled allows remote attackers to execute arbitrary code via the CWD command.

Reference

http://unl0ck.org/files/papers/mtftpd.txt http://www.securiteam.com/exploits/5KP0W0AF5K.html http://www.securityfocus.com/bid/12947 http://www.tripbit.org/advisories/TA-040305.txt