CVE-2006-0441

Sami FTP Server 2.0.1 - Stack-Based Buffer Overflow via Long USER Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 8 public exploits for CVE-2006-0441. PoCs published by n30m1nd, UmZ, Marsu, including Metasploit module exploits/windows/ftp/sami_ftpd_user.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Sami FTP Server 2.0.2 by overwriting SEH and executing a bind shellcode on port 4444. It uses a combination of alignment, SEH overwrite, and shellcode execution to achieve remote code execution.

Description

Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.

Exploits (8)

exploitdb WORKING POC VERIFIED
by n30m1nd · pythonremotewindows
https://www.exploit-db.com/exploits/40675

This exploit targets a buffer overflow vulnerability in Sami FTP Server 2.0.2 by overwriting SEH and executing a bind shellcode on port 4444. It uses a combination of alignment, SEH overwrite, and shellcode execution to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sami FTP Server 2.0.2
No auth needed
Prerequisites: Network access to the target FTP server · Sami FTP Server 2.0.2 running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by UmZ · perlremotewindows
https://www.exploit-db.com/exploits/3140

This exploit targets a buffer overflow vulnerability in SAMI FTP Server 2.0.2, allowing arbitrary remote code execution via a crafted USER command. The shellcode spawns calc.exe as a proof of concept.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SAMI FTP Server 2.0.2
No auth needed
Prerequisites: Network access to the target FTP server · SAMI FTP Server 2.0.2 running on Windows 2000 SP4 (or adjusted return address for other versions)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Marsu · cdoswindows
https://www.exploit-db.com/exploits/3127

This exploit triggers a buffer overflow in KarjaSoft Sami FTP Server 2.0.2 by sending an overly long USER/PASS request, overwriting EAX and EDX registers. It demonstrates a denial-of-service condition but does not include shellcode for remote code execution.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: KarjaSoft Sami FTP Server 2.0.2
No auth needed
Prerequisites: Network access to the FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by HolyGhost · c++remotewindows
https://www.exploit-db.com/exploits/1462

This exploit targets a buffer overflow vulnerability in Sami FTP Server, leveraging a crafted payload with NOP sleds and shellcode to achieve remote code execution. The shellcode binds a shell to port 777.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sami FTP Server
No auth needed
Prerequisites: Network access to the target FTP server · Target must be running Sami FTP Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Critical Security · perlremotewindows
https://www.exploit-db.com/exploits/1448

This exploit targets Sami FTP Server v2.0.1 by leveraging a buffer overflow vulnerability to execute arbitrary code (notepad.exe) via a crafted username during login. It uses a variety of return addresses for different Windows and FreeBSD/Wine environments.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Sami FTP Server v2.0.1
No auth needed
Prerequisites: Network access to the target FTP server · Knowledge of the target's OS and service pack for correct offset selection
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by redsand · remotewindows
https://www.exploit-db.com/exploits/1452

This exploit targets a stack overflow vulnerability in PMSoftware Samftpd's log handler. It sends a maliciously crafted PASS command with a long buffer to overwrite the return address and execute shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PMSoftware Samftpd (versions affected by CVE-2006-0441)
No auth needed
Prerequisites: Network access to the FTP service · Target system running vulnerable Samftpd version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Muhammad Ahmed Siddiqui, Critical Security, n30m1nd, aushack, bcoles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/sami_ftpd_user.rb

This Metasploit module exploits an unauthenticated stack buffer overflow in KarjaSoft Sami FTP Server v2.0.2 by sending an overly long USER string during login, triggering payload execution when the administrator opens the GUI.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KarjaSoft Sami FTP Server v2.0.2
No auth needed
Prerequisites: Target running Sami FTP Server v2.0.2 · Network access to port 21
devstral-2 · analyzed Apr 24, 2026 Full analysis →
exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/16702

This Metasploit module exploits a stack-based buffer overflow in KarjaSoft Sami FTP Server v2.02 via an excessively long USER command. The exploit is passive, requiring administrator interaction to view FTP logs for execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KarjaSoft Sami FTP Server v2.02
No auth needed
Prerequisites: Network access to the FTP server · Administrator interaction to view logs
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/423148/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40675/
Third Party Advisory, VDB Entry x_refsource_misc
http://downloads.securityfocus.com/vulnerabilities/exploits/sami_ftp_poc.pl
Various Sources x_refsource_confirm
http://www.karjasoft.com/samiftp/news
Exploit, Vendor Advisory x_refsource_misc
http://www.critical.lt/?vulnerabilities/208
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18574
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24325
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16370
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0317

Scores

EPSS 0.7803
EPSS Percentile 99.0%

Details

Status published
Products (1)
karjasoft/sami_ftp_server 2.0.1
Published Jan 26, 2006
Tracked Since Feb 18, 2026