CVE-2011-10029

HIGH

Solar FTP Server < 2.1.1 - Denial of Service via USER Command Format String

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-10029. PoCs published by x000, including Metasploit module auxiliary/dos/windows/ftp/solarftp_user.

AI-analyzed exploit summary: This Perl script exploits a Denial of Service (DoS) vulnerability in Solar FTP Server 2.1 by sending a malformed USER command with a buffer overflow payload. The exploit checks for the presence of the vulnerable server before sending the payload.

Description

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.

Exploits (2)

exploitdb WORKING POC VERIFIED
by x000 · perl · dos · windows
https://www.exploit-db.com/exploits/16204

This Perl script exploits a Denial of Service (DoS) vulnerability in Solar FTP Server 2.1 by sending a malformed USER command with a buffer overflow payload. The exploit checks for the presence of the vulnerable server before sending the payload.

Classification: Working Poc 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Solar FTP Server 2.1
No auth needed
Prerequisites: Network access to the target FTP server · Solar FTP Server 2.1 running on the target
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/solarftp_user.rb

This Metasploit module exploits a format string vulnerability in Solar FTP Server by sending a malformed USER command, causing a denial of service (DoS) via a READ violation in the '__output_1()' function.

Classification: Working Poc 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Solar FTP Server versions 2.1.1 and earlier
No auth needed
Prerequisites: Network access to the target FTP server on port 21
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 8.7
EPSS: 0.4884
EPSS Percentile: 97.8%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-134
Status: published
Products (1): Flexbyte Software/Solar FTP Server < 2.1.1
Published: Aug 20, 2025
Tracked Since: Feb 18, 2026