CVE-2008-2031
published 2008-04-30CVE-2008-2031: VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the…
PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
46.31%
98.7th percentile
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vicftps | vicftps | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on FTP LIST commands containing the '/\/' (slash-backslash-slash) pattern, which is the trigger for the VicFTPS 5.0 crash. ↗
- →Monitor FTP sessions authenticating as 'Anonymous' with password '[email protected]' followed immediately by a malformed LIST command — this matches the PoC exploit's exact credential and attack sequence. ↗
- →The Metasploit auxiliary module 'auxiliary/dos/windows/ftp/vicftps50_list' can be used to test exposure; detect its use by correlating FTP LIST DoS patterns against VicFTPS 5.0 banners. ↗
- ·The DoS only triggers after successful authentication; anonymous login must be enabled on the target VicFTPS 5.0 instance for the unauthenticated-style PoC to work. Disabling anonymous FTP access raises the bar for exploitation. ↗
- ·CVE-2008-2031 and CVE-2008-6829 may describe the same underlying issue; detections built for one should be validated against both CVE identifiers. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-48p8-rpvf-qgx2: VicFTPS 5
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2008-6829 [MEDIUM] CWE-20 GHSA-48p8-rpvf-qgx2: VicFTPS 5
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
GHSA
GHSA-726p-prgg-7pwm: VicFTPS 5
ghsa_unreviewed·2022-05-01
CVE-2008-2031 [MEDIUM] CWE-20 GHSA-726p-prgg-7pwm: VicFTPS 5
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
Exploit-DB
vicFTP 5.0 - 'LIST' Remote Denial of Service
exploitdb·2008-10-24
CVE-2008-6829 vicFTP 5.0 - 'LIST' Remote Denial of Service
vicFTP 5.0 - 'LIST' Remote Denial of Service
---
#include
#include
#include
#define __z00ro(a) memset(a,0,sizeof(a));
//greetings : SiD.psycho
//Smallest greetings : Gorion - lofamy cIem We want be like y0U :***
unsigned int setport(const char* port){
if((atoi(port)==0) || (atoi(port)<0)){
return 21;
}
return atoi(port);
}
int main(int argc,char **argv){
printf("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
"+=========== vicFTPS v 5.0 REMOTE dos POC ;[ ===========+\n"
"+=========== Alfons Luja sp Z.0.0 ===========+\n"
"+=========== I want clear b00f not a d0s !!! ===========+\n"
"+=========== Propably 0 dAy ===========+\n"
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
if(argc<3){
printf("\nuse poc.exe IP PORT\n");
return 0;
}
int socks;
host
Metasploit
Victory FTP Server 5.0 LIST DoS
metasploit
Victory FTP Server 5.0 LIST DoS
Victory FTP Server 5.0 LIST DoS
The Victory FTP Server v5.0 can be brought down by sending a very simple LIST command
No writeups or analysis indexed.
2008-04-30
Published