CVE-2001-0053

BSD-based ftpd - Remote Code Execution via replydirname Buffer Overflow


Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0053. PoCs published by Scrippie.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in OpenBSD FTP servers (versions 2.6 and 2.7) to achieve remote code execution. It uses a crafted directory name to overflow the buffer and execute shellcode, providing either a remote shell or local command execution.

Description

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Scrippie · c · remote · bsd
https://www.exploit-db.com/exploits/234


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenBSD FTP server (2.6, 2.7)
Auth required
Prerequisites: Network access to the target FTP server · Valid FTP credentials (anonymous or otherwise)
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by Scrippie · text · remote · unix
https://www.exploit-db.com/exploits/20512

The writeup describes a one-byte overflow vulnerability in the replydirname() function of BSD-derived FTP daemons, allowing attackers to manipulate the saved base pointer and potentially execute arbitrary code as root. Exploitation requires a writable directory accessible via anonymous FTP.

Classification: Writeup (90%)
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: BSD-derived FTP daemon (e.g., 4.x BSD ftpd)
No auth needed
Prerequisites: Anonymous FTP access · Writable directory (e.g., 'incoming')
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5776
Patch, Vendor Advisory vendor-advisory x_refsource_openbsd
http://www.openbsd.org/advisories/ftpd_replydirname.txt
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2124

Scores

EPSS 0.1793
EPSS Percentile 96.8%

Details

Status published
Products (10)
david_madore/ftpd-bsd 0.2.3
netbsd/netbsd 1.4
netbsd/netbsd 1.4.1
netbsd/netbsd 1.4.2
netbsd/netbsd 1.5
openbsd/openbsd 2.4
openbsd/openbsd 2.5
openbsd/openbsd 2.6
openbsd/openbsd 2.7
openbsd/openbsd 2.8
Published Feb 12, 2001
Tracked Since Feb 18, 2026