CVE-2005-2373

SlimFTPd 3.15-3.16 - Authenticated Buffer Overflow via Long Directory Name

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2373. PoCs were published by Metasploit, including the Metasploit module exploits/windows/ftp/slimftpd_list_concat.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in SlimFTPd via an overly-long argument in the LIST command. It delivers a payload to achieve remote code execution on vulnerable versions prior to 3.16.

Description

Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16729

This Metasploit module exploits a stack buffer overflow in SlimFTPd via an overly-long argument in the LIST command. It delivers a payload to achieve remote code execution on vulnerable versions prior to 3.16.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SlimFTPd Server <= 3.16
No auth needed
Prerequisites: Network access to the target FTP server · SlimFTPd version <= 3.16
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/slimftpd_list_concat.rb

This Metasploit module exploits a stack buffer overflow in SlimFTPd via an overly-long argument in the LIST command, leading to remote code execution. It targets versions prior to 3.16 and uses a universal return address for exploitation.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SlimFTPd Server <= 3.16
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
URL Repurposed x_refsource_confirm
http://www.whitsoftdev.com/slimftpd/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014542
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16177
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112196537312610&w=2

Scores

EPSS 0.4575
EPSS Percentile 98.6%

Details

Status published
Products (2)
whitsoft_development/slimftpd 3.15
whitsoft_development/slimftpd 3.16
Published Jul 26, 2005
Tracked Since Feb 18, 2026