CVE-2005-0958

YepYep mtftpd 0.0.3 - Remote Code Execution via Format String in CWD Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0958. PoCs published by darkeagle.

AI-analyzed exploit summary This exploit targets a format string vulnerability in mtftpd <= 0.0.3, allowing remote code execution by overwriting the GOT entry with a crafted payload. It binds a shell to port 2003 after successful exploitation.

Description

Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by darkeagle · cremotelinux

https://www.exploit-db.com/exploits/902

View Code ZIP pw:eip

This exploit targets a format string vulnerability in mtftpd <= 0.0.3, allowing remote code execution by overwriting the GOT entry with a crafted payload. It binds a shell to port 2003 after successful exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: mtftpd <= 0.0.3

Auth required

Prerequisites: Valid credentials for the FTP server · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12947

Various Sources x_refsource_misc

http://www.tripbit.org/advisories/TA-040305.txt

Exploit x_refsource_misc

http://www.securiteam.com/exploits/5KP0W0AF5K.html

Exploit, URL Repurposed x_refsource_misc

http://unl0ck.org/files/papers/mtftpd.txt

Scores

EPSS 0.0443

EPSS Percentile 90.1%

Details

Status published

Products (3)

yepyep/mtftpd 0.1a

yepyep/mtftpd 0.2

yepyep/mtftpd 0.3

Published May 02, 2005

Tracked Since Feb 18, 2026