cbcvebase.
CVE-2008-4572
published 2008-10-15

CVE-2008-4572: GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long…

PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
60.69%
99.0th percentile
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.

Affected

1 ranges
VendorProductVersion rangeFixed in
guildftpdguildftpd

Detection & IOCsextracted from sources · hover to see the quote

commandcwd /././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
commandlist XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  • Detect exploitation attempts by monitoring FTP traffic for a CWD command with an abnormally long argument consisting of repeated '/.' patterns (124 repetitions = 248 chars) followed by a LIST command with a long argument (~100 chars).
  • The attack requires a valid FTP login (including anonymous) before issuing the malicious CWD and LIST commands; alert on authenticated FTP sessions sending oversized CWD or LIST arguments.
  • The vulnerability triggers heap corruption via an improper free() call, manifesting as overwritten registers ECX and EDI; crash/DoS of the GuildFTPd process is the observable outcome.
  • Target process is GuildFTPd versions 0.999.8.11 and 0.999.14 on Windows; monitor for unexpected termination of the GuildFTPd service process following receipt of long CWD/LIST commands.
  • ·Anonymous FTP access is sufficient to exploit this vulnerability; disabling anonymous login does not fully mitigate the risk as any valid credential works.
  • ·Both GuildFTPd 0.999.8.11 and 0.999.14 are confirmed vulnerable; version checks should cover both branches.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.