CVE-2004-1992

Serv-U File Server < 5.0.0.6 - Denial of Service via Long -l Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1992. PoCs published by storm.

AI-analyzed exploit summary This Perl script exploits a remote buffer overflow vulnerability in Serv-U FTP server by sending an overly long LIST command. It establishes a connection, authenticates anonymously, and triggers the overflow with a 134-byte payload, potentially causing a denial of service or arbitrary code execution.

Description

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

Exploits (1)

exploitdb WORKING POC VERIFIED

by storm · perldoswindows

https://www.exploit-db.com/exploits/24029

View Code ZIP pw:eip

This Perl script exploits a remote buffer overflow vulnerability in Serv-U FTP server by sending an overly long LIST command. It establishes a connection, authenticates anonymously, and triggers the overflow with a 134-byte payload, potentially causing a denial of service or arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Serv-U FTP Server (version not specified)

Auth required

Prerequisites: Network access to the target FTP server · Serv-U FTP server with vulnerable version

MITRE ATT&CK