CVE-2005-3589

FileZilla Server Terminal 0.9.4d - Denial of Service via Long USER FTP Command

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3589. PoCs published by Inge Henriksen, aushack, including Metasploit module auxiliary/dos/windows/ftp/filezilla_admin_user.

AI-analyzed exploit summary This exploit is a proof-of-concept for a denial-of-service (DoS) vulnerability in FileZilla Server Terminal 0.9.4d. It sends increasingly large 'USER' commands to the target FTP server, causing it to crash or become unresponsive.

Description

Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Inge Henriksen · c++doswindows

https://www.exploit-db.com/exploits/1336

View Code ZIP pw:eip

This exploit is a proof-of-concept for a denial-of-service (DoS) vulnerability in FileZilla Server Terminal 0.9.4d. It sends increasingly large 'USER' commands to the target FTP server, causing it to crash or become unresponsive.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: FileZilla Server Terminal 0.9.4d

No auth needed

Prerequisites: Network access to the target FTP server · Target server running FileZilla Server Terminal 0.9.4d

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack overflow vulnerability in FileZilla FTP Server Admin Interface by sending excessively long USER commands, causing a DoS condition. The exploit targets versions 0.9.4d and earlier.