Vulnerability Details : CVE-2008-4572
Public exploit exists!
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-4572
Probability of exploitation activity in the next 30 days: 40.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-4572
-
Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
Disclosure Date: 2008-10-12First seen: 2020-04-26auxiliary/dos/windows/ftp/guildftp_cwdlistGuild FTPd 0.999.8.11 and 0.999.14 are vulnerable to heap corruption. You need to have a valid login so you can run CWD and LIST. Authors: - kris katterjohn <katterjohn@gmail.com>
CVSS scores for CVE-2008-4572
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-4572
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4572
-
http://www.vupen.com/english/advisories/2008/2794
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45818
-
https://www.exploit-db.com/exploits/6738
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service - Windows dos Exploit
-
http://www.securityfocus.com/bid/31729
-
http://securityreason.com/securityalert/4422
Products affected by CVE-2008-4572
- cpe:2.3:a:guildftpd:guildftpd:0.999.14:*:*:*:*:*:*:*