CVE-2011-0762

NUCLEI

vsftpd < 2.3.3 - Authenticated Denial of Service via Glob Expression in STAT Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-0762. PoCs published by Maksymilian Arciemowicz, s3mPr1linux, including Metasploit module auxiliary/dos/ftp/vsftpd_232. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit triggers a remote denial of service (DoS) in vsftpd 2.3.2 by sending a malformed STAT command with deeply nested braces, causing the service to crash with a 'fork' error.

Description

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · cdoslinux
https://www.exploit-db.com/exploits/16270

This exploit triggers a remote denial of service (DoS) in vsftpd 2.3.2 by sending a malformed STAT command with deeply nested braces, causing the service to crash with a 'fork' error.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: vsftpd 2.3.2
Auth required
Prerequisites: Network access to the vsftpd service · Valid credentials (or anonymous access if enabled)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by s3mPr1linux · poc
https://github.com/s3mPr1linux/CVE-2011-0762

This repository contains a functional exploit in C for CVE-2011-0762, targeting a vulnerability in FTP servers via a maliciously crafted STAT command with nested braces. The exploit establishes a connection, authenticates, and sends the payload to trigger potential memory corruption or crashes.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: FTP servers (specific version not specified)
Auth required
Prerequisites: Network access to the target FTP server · Valid or anonymous FTP credentials
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/ftp/vsftpd_232.rb

This Metasploit module exploits a Denial of Service (DoS) vulnerability in VSFTPD versions before 2.3.3 by sending a malformed STAT command with a large number of nested braces, causing the service to crash.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: VSFTPD < 2.3.3
No auth needed
Prerequisites: Network access to the VSFTPD service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

vsftpd < 2.3.3 - DoS
MEDIUMVERIFIEDby pussycat0x
Shodan: vsftpd || product:"vsftpd"

References (25)

Core 25
Core References
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133226187115472&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Issue Tracking, Third Party Advisory x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0639
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0668
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2305
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516748/100/0/threaded
Exploit, Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8109
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0547
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16270
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Broken Link x_refsource_misc
http://cxib.net/stuff/vspoc232.c
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0713
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1098-1
Broken Link third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/590604
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025186
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46617
Exploit, Third Party Advisory third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/95
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0337.html
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN37417423/index.html

Scores

EPSS 0.2395
EPSS Percentile 96.2%

Details

CWE
CWE-400
Status published
Products (18)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
debian/debian_linux 5.0
debian/debian_linux 6.0
debian/debian_linux 7.0
fedoraproject/fedora 13
fedoraproject/fedora 14
... and 8 more
Published Mar 02, 2011
Tracked Since Feb 18, 2026