CVE-2008-4572

GuildFTPd - Memory Corruption

Title source: rule

Description

GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which trigger heap corruption related to an improper free call and possibly a heap-based buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by dmnt · python · dos · windows
https://www.exploit-db.com/exploits/6738
metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb

Scores

EPSS 0.7687
EPSS Percentile 99.0%

Details

CWE CWE-119
Status published
Products (1)
guildftpd/guildftpd 0.999.14
Published Oct 15, 2008
Tracked Since Feb 18, 2026