CVE-2001-0247
NetBSD - Remote Code Execution via Long Pattern String with {} Sequence
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2001-0247. PoCs published by Elias Levy, fish stiqz.
AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in BSD-based FTP daemons (e.g., OpenBSD 2.x-2.8) by leveraging directory name expansion via glob() to overflow a buffer and execute arbitrary shellcode, resulting in root access. The exploit constructs a malicious LIST command with a crafted path to trigger the overflow and includes shellcode to spawn a root shell.
Description
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
Exploits (3)
This exploit targets a buffer overflow vulnerability in BSD-based FTP daemons (e.g., OpenBSD 2.x-2.8) by leveraging directory name expansion via glob() to overflow a buffer and execute arbitrary shellcode, resulting in root access. The exploit constructs a malicious LIST command with a crafted path to trigger the overflow and includes shellcode to spawn a root shell.
This exploit targets a buffer overflow vulnerability in BSD-based FTP daemons (CVE-2001-0247) by leveraging glob() expansion to overflow memory during directory listing operations. It sends a crafted STAT command with shellcode to achieve remote code execution as root.
This exploit targets a buffer overflow vulnerability in BSD-based FTP daemons (e.g., FreeBSD 4.X, OpenBSD 2.8) by leveraging glob() expansion to overflow buffers during path parsing. It includes shellcode for setuid(0) and execve() to achieve remote root access.