CVE-2003-0854

fileutils - Denial of Service via Large -w Value

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0854. PoCs published by Angelo Rosiello.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in WU-FTPD 2.6.2 by sending a malformed LIST command in a loop. It establishes a connection, logs in with provided credentials, and then sends the DoS payload to freeze the server.

Description

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Angelo Rosiello · cdoslinux

https://www.exploit-db.com/exploits/115

View Code ZIP pw:eip

This exploit targets a denial-of-service (DoS) vulnerability in WU-FTPD 2.6.2 by sending a malformed LIST command in a loop. It establishes a connection, logs in with provided credentials, and then sends the DoS payload to freeze the server.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WU-FTPD 2.6.2

Auth required

Prerequisites: valid credentials for the FTP server · network access to the target FTP server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2005/dsa-705

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/115

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-309.html

Various Sources vendor-advisory x_refsource_turbo

http://www.turbolinux.com/security/TLSA-2003-60.txt

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-310.html

Third Party Advisory, VDB Entry vendor-advisory x_refsource_immunix

http://www.securityfocus.com/advisories/6014

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17069

Various Sources x_refsource_misc

http://www.guninski.com/binls.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10126

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2003:106

Scores

EPSS 0.0106

EPSS Percentile 60.1%

Details

Status published

Products (26)

gnu/fileutils 4.0

gnu/fileutils 4.0.36

gnu/fileutils 4.1

gnu/fileutils 4.1.6

gnu/fileutils 4.1.7

washington_university/wu-ftpd 2.4.1

washington_university/wu-ftpd 2.4.2_beta2

washington_university/wu-ftpd 2.4.2_beta18

washington_university/wu-ftpd 2.4.2_beta18_vr4

washington_university/wu-ftpd 2.4.2_beta18_vr5

... and 16 more

Published Nov 17, 2003

Tracked Since Feb 18, 2026