CVE-2005-3683

freeFTPd < 1.0.9 - Stack-Based Buffer Overflow via Long USER Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-3683. PoCs published by Metasploit, including Metasploit module exploits/windows/ftp/freeftpd_user.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in freeFTPd 1.0 when logging is enabled. It leverages a malformed USER command to trigger the vulnerability and execute arbitrary code via SEH overwrite.

Description

Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16707

This exploit targets a stack buffer overflow in freeFTPd 1.0 when logging is enabled. It leverages a malformed USER command to trigger the vulnerability and execute arbitrary code via SEH overwrite.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: freeFTPd 1.0
No auth needed
Prerequisites: freeFTPd 1.0 with logging enabled · network access to the FTP service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
cremotewindows
https://www.exploit-db.com/exploits/1330

This exploit targets a buffer overflow vulnerability in FreeFTPD's USER command handling, allowing remote code execution via a crafted username. The PoC includes shellcode for a reverse shell and handles multiple Windows targets.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FreeFTPD (version not specified)
No auth needed
Prerequisites: Network access to FreeFTPD service · Logging enabled in FreeFTPD
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/freeftpd_user.rb

This Metasploit module exploits a stack buffer overflow in freeFTPd 1.0 via a maliciously crafted USER command. It leverages SEH overwrites to achieve remote code execution when logging is enabled.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: freeFTPd 1.0
No auth needed
Prerequisites: Logging enabled in freeFTPd · Network access to the FTP service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015230
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17583
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23118
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2458
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/20909
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113213763821294&w=2
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113216611924774&w=2
Various Sources x_refsource_confirm
http://freeftpd.com/?ctt=changelog
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15457

Scores

EPSS 0.8466
EPSS Percentile 99.4%

Details

Status published
Products (9)
freeftpd/freeftpd 1.0
freeftpd/freeftpd 1.0.1
freeftpd/freeftpd 1.0.2
freeftpd/freeftpd 1.0.3
freeftpd/freeftpd 1.0.4
freeftpd/freeftpd 1.0.5
freeftpd/freeftpd 1.0.6
freeftpd/freeftpd 1.0.7
freeftpd/freeftpd 1.0.8
Published Nov 19, 2005
Tracked Since Feb 18, 2026