CVE-2001-0965

glFTPD 1.23 - Denial of Service via LIST Command with Excessive Wildcards

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0965. PoCs published by ASGUARD LABS.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in glFtpD by sending a specially crafted 'LIST' command with an excessive number of '*' characters, causing the server to consume all CPU resources and become unresponsive.

Description

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ASGUARD LABS · perldosunix
https://www.exploit-db.com/exploits/21074

This exploit targets a denial-of-service vulnerability in glFtpD by sending a specially crafted 'LIST' command with an excessive number of '*' characters, causing the server to consume all CPU resources and become unresponsive.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: glFtpD v1.23i
Auth required
Prerequisites: Network access to the target FTP server · Valid FTP credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3201
Vendor Advisory x_refsource_confirm
http://www.glftpd.org/
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7001.php
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html

Scores

EPSS 0.0713
EPSS Percentile 93.5%

Details

Status published
Products (9)
glftpd/glftpd 1.13.6
glftpd/glftpd 1.16.9
glftpd/glftpd 1.17.2
glftpd/glftpd 1.18a
glftpd/glftpd 1.19
glftpd/glftpd 1.20
glftpd/glftpd 1.21
glftpd/glftpd 1.22b
glftpd/glftpd 1.23
Published Aug 31, 2001
Tracked Since Feb 18, 2026