CVE-2007-5300

wzdftpd 0.8.0 0.8.2 - Denial of Service via Long USER Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5300. PoCs published by k1tk4t.

AI-analyzed exploit summary This exploit sends an overly long 'USER' command (8000 'A' characters) to trigger a buffer overflow in wzdftpd 0.8.0, causing a denial of service (DoS) via an access violation. It is a straightforward network-based attack targeting the FTP service.

Description

Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k1tk4t · perldoswindows

https://www.exploit-db.com/exploits/4498

View Code ZIP pw:eip

This exploit sends an overly long 'USER' command (8000 'A' characters) to trigger a buffer overflow in wzdftpd 0.8.0, causing a denial of service (DoS) via an access violation. It is a straightforward network-based attack targeting the FTP service.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: wzdftpd 0.8.0

No auth needed

Prerequisites: Network access to the target FTP service

MITRE ATT&CK