CVE-2001-1501

ProFTPD 1.2.1 - DoS

Title source: llm

Description

The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Frank DENIS · bashremotelinux

https://www.exploit-db.com/exploits/20690

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2002:005

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/169395

Scores

EPSS 0.0815

EPSS Percentile 92.2%

Details

Status published

Products (1)

proftpd_project/proftpd 1.2.1

Published Dec 31, 2001

Tracked Since Feb 18, 2026