CVE-2003-0755

gtkftpd 1.0.4 - Buffer Overflow via Long Directory Names in LIST Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0755. PoCs published by vade79.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in GtkFtpd v1.0.4 and below, allowing remote root access by overflowing a buffer during directory listing. It uses a bindshell payload and brute-forces memory addresses to achieve reliable exploitation.

Description

Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vade79 · cremotelinux

https://www.exploit-db.com/exploits/88

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in GtkFtpd v1.0.4 and below, allowing remote root access by overflowing a buffer during directory listing. It uses a bindshell payload and brute-forces memory addresses to achieve reliable exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GtkFtpd v1.0.4 and below

Auth required

Prerequisites: Valid FTP account (anonymous or authenticated) · Writable directory on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory mailing-list x_refsource_vuln-dev

http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0101.html

Scores

EPSS 0.0564

EPSS Percentile 91.9%

Details

Status published

Products (3)

gtkftpd/gtkftp 1.0.2

gtkftpd/gtkftp 1.0.3

gtkftpd/gtkftp 1.0.4

Published Oct 20, 2003

Tracked Since Feb 18, 2026