CVE-2000-0574

OpenBSD ftpd - Remote Code Execution via Format String in setproctitle

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0574. PoCs published by Teso.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in OpenBSD's ftp daemon (CVE-2000-0574) by sending a maliciously crafted MKD command with shellcode to achieve remote code execution. The shellcode is designed to spawn a shell, and the exploit manipulates the return address to redirect execution flow.

Description

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Teso · clocalbsd

https://www.exploit-db.com/exploits/396

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in OpenBSD's ftp daemon (CVE-2000-0574) by sending a maliciously crafted MKD command with shellcode to achieve remote code execution. The shellcode is designed to spawn a shell, and the exploit manipulates the return address to redirect execution flow.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenBSD ftp daemon (version not explicitly specified)

Auth required

Prerequisites: Network access to the target FTP service · Valid FTP credentials (anonymous or otherwise)

MITRE ATT&CK