CVE-2000-0131

Jgaa Warftpd - Buffer Overflow

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0131. PoCs published by crc.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in War-FTPd 1.67 and earlier versions by sending an overly long pathname via the CWD command, causing a denial-of-service (DoS). The code establishes an FTP connection, authenticates, and then sends a maliciously crafted CWD command with a large buffer filled with NOP sleds.

Description

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by crc · cdoswindows

https://www.exploit-db.com/exploits/19740

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in War-FTPd 1.67 and earlier versions by sending an overly long pathname via the CWD command, causing a denial-of-service (DoS). The code establishes an FTP connection, authenticates, and then sends a maliciously crafted CWD command with a large buffer filled with NOP sleds.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: War-FTPd 1.67 and earlier

Auth required

Prerequisites: Network access to the target FTP server · Valid FTP credentials

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/966

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/4677

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=94960703721503&w=2

Scores

EPSS 0.0755

EPSS Percentile 93.7%

Details

Status published

Products (2)

jgaa/warftpd 1.66x4s

jgaa/warftpd 1.67.3

Published Feb 01, 2000

Tracked Since Feb 18, 2026