CVE-2017-15271

MEDIUM

PSFTPd 10.0.4 Build 729 - Unauthenticated Use-After-Free via Crafted SSH Identification String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15271. PoCs published by X41 D-Sec GmbH.

AI-analyzed exploit summary This is a security advisory detailing multiple vulnerabilities in PSFTPd Windows FTP Server, including a use-after-free (CVE-2017-15271), log injection (CVE-2017-15270), plaintext password storage (CVE-2017-15272), and FTP bounce scan (CVE-2017-15269). The advisory provides technical details, proof-of-concept steps, and mitigation guidance.

Description

A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.

Exploits (1)

exploitdb WRITEUP

by X41 D-Sec GmbH · textdoswindows

https://www.exploit-db.com/exploits/43144

View Code ZIP pw:eip

This is a security advisory detailing multiple vulnerabilities in PSFTPd Windows FTP Server, including a use-after-free (CVE-2017-15271), log injection (CVE-2017-15270), plaintext password storage (CVE-2017-15272), and FTP bounce scan (CVE-2017-15269). The advisory provides technical details, proof-of-concept steps, and mitigation guidance.

Classification

Writeup 100%

Attack Type

Dos | Info Leak | Other

Complexity

Moderate

Reliability

Reliable

Target: PSFTPd Windows FTP Server 10.0.4 Build 729

No auth needed

Prerequisites: Network access to the target server · SFTP/FTP service exposed

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1592 - Gather Victim Host Information T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/541518/100/0/threaded

Third Party Advisory x_refsource_misc

https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43144/

Scores

CVSS v3 5.9

EPSS 0.0874

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-416

Status published

Products (1)

psftp/psftpd 10.0.4

Published Nov 15, 2017

Tracked Since Feb 18, 2026