cbcvebase.
CVE-2000-0574
published 2000-07-07

CVE-2000-0574: FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function…

PriorityP336medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
58.87%
99.0th percentile
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

Affected

20 ranges
VendorProductVersion rangeFixed in
openbsdftpd
openbsdftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd
washington_universitywu-ftpd

Detection & IOCsextracted from sources · hover to see the quote

hash\x32\xdb\x81\xd1\xb1\x72\xcd\x83\x21\x21\x31\xc2\x32\xdb\xb5\x27\xcd\x71\x23\xc2\xb3\x72\xcd\x81\x32\xc1\x12\xdb\xb4\x3e\xcd\x81\xeb\x4f\x35\xc2\x31\xc1\x5e\xb1\x32\x7d\x5e\x98\xfe\xc2\xb8\xed\xcd\x79\x38\xc1\x1d\x3e\x18\xb1\x3d\xcd\x82\x32\xc1\xbb\xd2\xd2\xd2\xff\xf2\xdb\x39\xc1\xb2\x11\x56\x75\xce\x82\x0e\x81\xc9\x13\xe5\xf2\x1e\xb5\x0d\x8d\x1e\x11\xcd\x21\x31\xc2\x09\x42\x21\x19\x70\x48\x21\x41\x9c\xb3\x2b\x81\xf1\x2d\x2e\x18\x1d\x32\x7c\xcd\x82\xe2\xac\xff\xff\xff
commanduser anonymous
commandpass guest@
  • Exploit targets x86/OpenBSD ftpd via format string in setproctitle/set_proc_title; watch for anonymous FTP login (user: anonymous, pass: guest@) followed by rapid MKD (make directory) commands with long, NOP-sled-padded directory names (0x50-filled buffers up to 150–400 bytes) — a hallmark of this exploit's heap-spray technique.
  • Exploit sends MKD commands with shellcode bytes embedded directly as directory names; detect FTP MKD requests containing non-printable/binary byte sequences.
  • Exploit uses format string vulnerability in setproctitle (also called set_proc_title) on FTP servers including OpenBSD ftpd, NetBSD ftpd, ProFTPd, and Opieftpd; monitor for format specifiers (%n, %x, %s) in FTP username or path fields passed to these functions.
  • Exploit version string '0.2.0' and tool name '7350-crocodile' may appear in attacker tooling artifacts or logs.
  • ·The exploit requires the attacker to supply a valid working directory on the target FTP server as argv[2], meaning exploitation is path-dependent on the target environment.
  • ·The vulnerability affects multiple FTP daemons (OpenBSD ftpd, NetBSD ftpd, ProFTPd, Opieftpd); detection and patching scope must cover all affected implementations, not just OpenBSD.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.