CVE-2004-2523

OpenFTPD <0.30.2 - RCE

Description

Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.

Exploits (2)

exploitdb WORKING POC VERIFIED
by infamous41md · c · remote · linux
https://www.exploit-db.com/exploits/373
exploitdb WORKING POC VERIFIED
by Andi · c · remote · linux
https://www.exploit-db.com/exploits/372

Scores

EPSS 0.2769
EPSS Percentile 96.5%

Details

Status published
Products (4)
openftpd/openftpd_ftp_server 0.29.4
openftpd/openftpd_ftp_server 0.30
openftpd/openftpd_ftp_server 0.30.1
openftpd/openftpd_ftp_server < 0.30.2
Published Dec 31, 2004
Tracked Since Feb 18, 2026