CVE-2005-3684

freeFTPd 1.0.8 - Authenticated Buffer Overflow via MKD or DELE Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3684. PoCs published by Expanders.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in FreeFTPD's USER command handling, allowing remote code execution via a crafted username. The PoC includes shellcode for a reverse shell and targets multiple Windows versions.

Description

Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Expanders · cremotewindows

https://www.exploit-db.com/exploits/1330

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in FreeFTPD's USER command handling, allowing remote code execution via a crafted username. The PoC includes shellcode for a reverse shell and targets multiple Windows versions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FreeFTPD (version not specified)

No auth needed

Prerequisites: Network access to FreeFTPD service · Logging enabled in FreeFTPD

MITRE ATT&CK