CVE-2012-5905

KnFTPd 1.0.0 - Authenticated Denial of Service via FEAT Command Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5905. PoCs published by Stefan Schurtz.

AI-analyzed exploit summary This Perl script exploits a Denial of Service (DoS) vulnerability in KnFTPd 1.0.0 by sending a maliciously crafted 'FEAT' command with an overly long payload. The exploit requires authentication and triggers a crash by overwhelming the server with a recursive payload.

Description

Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefan Schurtz · perldoswindows
https://www.exploit-db.com/exploits/18671

This Perl script exploits a Denial of Service (DoS) vulnerability in KnFTPd 1.0.0 by sending a maliciously crafted 'FEAT' command with an overly long payload. The exploit requires authentication and triggers a crash by overwhelming the server with a recursive payload.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: KnFTPd 1.0.0
Auth required
Prerequisites: Network access to the target FTP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52805
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/80666
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74441
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18671

Scores

EPSS 0.1634
EPSS Percentile 95.0%

Details

CWE
CWE-119
Status published
Products (1)
elif_keir/knftpd 1.0.0
Published Nov 17, 2012
Tracked Since Feb 18, 2026