CVE-2004-1294

Publication date 10 January 2005

Last updated 17 July 2025

Ubuntu priority

Description

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tnftp	9.10 karmic	Fixed 20050625-0.2
	9.04 jaunty	Fixed 20050625-0.2
	8.10 intrepid	Fixed 20050625-0.2
	8.04 LTS hardy	Fixed 20050625-0.2
	7.10 gutsy	Fixed 20050625-0.2
	7.04 feisty	Fixed 20050625-0.2
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-1294