CVE-2005-0256

wu-ftpd 2.6.1-2.6.2 - Denial of Service via Glob Pattern Recursion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0256. PoCs published by str0ke.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in wu-ftpd <= 2.6.2 by sending a malformed LIST command with an excessively long glob pattern. The code authenticates with the FTP server and then sends the crafted payload to trigger the DoS condition.

Description

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by str0ke · cdoslinux
https://www.exploit-db.com/exploits/842

This exploit targets a denial-of-service (DoS) vulnerability in wu-ftpd <= 2.6.2 by sending a malformed LIST command with an excessively long glob pattern. The code authenticates with the FTP server and then sends the crafted payload to trigger the DoS condition.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: wu-ftpd <= 2.6.2
Auth required
Prerequisites: Valid FTP credentials · Network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-705
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18210
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1762
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1271
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0588
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14411
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1265
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19561
Exploit third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1333
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/14203

Scores

EPSS 0.0521
EPSS Percentile 91.4%

Details

CWE
CWE-119
Status published
Products (2)
washington_university/wu-ftpd 2.6.1
washington_university/wu-ftpd 2.6.2
Published May 02, 2005
Tracked Since Feb 18, 2026