CVE-2009-3976

Labtam ProFTP 2.9 - Buffer Overflow

Title source: llm

Description

Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16709

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by His0k4 · rubyremotewindows

https://www.exploit-db.com/exploits/9508

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/proftp_banner.rb

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/36128

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52730

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9508

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2414

Scores

EPSS 0.6445

EPSS Percentile 98.5%

Details

CWE

CWE-119

Status published

Products (1)

labtam-inc/proftp 2.9

Published Nov 18, 2009

Tracked Since Feb 18, 2026