CVE-2008-6829
published 2009-06-08

CVE-2008-6829: VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward…

Priority: P429 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 37.61% (98.3th percentile)
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.

Affected

1 range

Vendor | Product | Version range | Fixed in
vicftps | vicftps | |

Detection & IOCs (extracted from sources)

command: LIST /\/
  • Detect the malicious LIST command pattern by inspecting FTP traffic for a LIST argument beginning with the sequence '/\/' (slash-backslash-slash), which triggers the crash in VicFTPS 5.0.
  • The exploit authenticates anonymously (USER Anonymous / PASS [email protected]) before sending the malicious LIST command; monitor FTP sessions using anonymous credentials followed immediately by a LIST command containing backslash characters.
  • The Metasploit auxiliary module auxiliary/dos/windows/ftp/vicftps50_list can be used to reproduce and test for this vulnerability in lab environments.
  • The NVD entry notes this may be a duplicate of CVE-2008-2031; analysts should cross-reference both CVEs to avoid double-counting detections.
  • The exploit requires a valid (or anonymous) authenticated FTP session before the malicious LIST command can be sent; unauthenticated network-layer blocking alone is insufficient if anonymous FTP access is permitted.
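The detection notes above can be applied to FTP control-channel records as in the following added example, which is not taken from the sources this page cites. It assumes a sensor or server log already yields (session id, client command line) pairs; the `scan` function, the field names and the sample sessions are constructed for illustration.

```python
import re

# Constructed sample of client commands per session; not captured traffic.
SAMPLE = [
    ("s1", "USER Anonymous"),
    ("s1", "PASS guest@example.invalid"),
    ("s1", "LIST /pub"),                  # ordinary listing
    ("s2", "USER Anonymous"),
    ("s2", "PASS guest@example.invalid"),
    ("s2", "list /\\/"),                  # slash-backslash-slash, lower-case verb
    ("s3", "USER alice"),
    ("s3", "PASS placeholder"),
    ("s3", "LIST   /\\/incoming"),        # same prefix, named account
    ("s4", "USER anonymous"),
    ("s4", "PASS guest@example.invalid"),
    ("s4", "LIST /a\\b"),                 # backslash, but not the prefix
]

# FTP verbs are case-insensitive; allow any run of spaces or tabs
# between the verb and its argument.
LIST_RE = re.compile(r"^LIST[ \t]+(.*)$", re.IGNORECASE)
PREFIX = "/\\/"  # the three characters: slash, backslash, slash


def scan(events):
    """Return one finding per LIST command whose argument starts with PREFIX."""
    user = {}   # session id -> last USER value seen
    last = {}   # session id -> verb of the previous command
    findings = []
    for sid, line in events:
        line = line.rstrip("\r\n")
        verb = line.split(" ", 1)[0].upper()
        if verb == "USER":
            user[sid] = line[5:].strip()
        m = LIST_RE.match(line)
        if m and m.group(1).startswith(PREFIX):
            findings.append({
                "session": sid,
                "argument": m.group(1),
                # Context from the notes above: anonymous login, and
                # LIST sent immediately after the PASS command.
                "anonymous": user.get(sid, "").lower() == "anonymous",
                "right_after_login": last.get(sid) == "PASS",
            })
        last[sid] = verb
    return findings
```

The prefix match is the primary signal; the `anonymous` and `right_after_login` fields only add triage context, since the same LIST argument from a named account is flagged as well.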