CVE-2011-10029
Published 2025-08-20
Priority: P2 58 · Severity: high · CVSS 4.0 score: 8.7
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.68% (47.5th percentile)
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexbyte_software | solar_ftp_server | <= 2.1.1 | — |
Detection & IOCs
- Monitor FTP USER commands containing format specifier characters (e.g., %s, %x, %n) sent to Solar FTP Server; such input triggers a read access violation in __output_1() of sfsservice.exe
- Alert on unexpected termination or crash of the sfsservice.exe process, which is indicative of successful DoS exploitation
- Vulnerability affects Solar FTP Server versions 2.1.1 and earlier only; verify target version before applying detections
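The first detection item above, as an added example (not part of the original entry and not a vendor or project rule): a Python filter over FTP command logs that flags USER arguments containing printf-style conversion specifiers. The log line layout, the sample addresses and the function names are assumptions constructed for illustration.

```python
import re

# printf-style conversion: % + optional flags, width, precision, length, then a type.
FORMAT_SPEC = re.compile(
    r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGcspn]"
)
# Assumed log layout (constructed): "<date> <time> [<client ip>] <FTP command line>"
USER_LINE = re.compile(
    r"^\S+ \S+ \[(?P<src>[^\]]+)\] USER (?P<arg>.*)$", re.IGNORECASE
)

def find_format_specs(argument):
    """Return the conversion specifiers in a USER argument; '%%' is a literal percent."""
    return FORMAT_SPEC.findall(argument.replace("%%", ""))

def suspicious_user_commands(lines):
    """Return (client, argument, specifiers) for each USER command worth alerting on."""
    hits = []
    for line in lines:
        match = USER_LINE.match(line.strip())
        if not match:
            continue  # other commands (PASS, LIST, ...) are out of scope for this CVE
        specs = find_format_specs(match.group("arg"))
        if specs:
            hits.append((match.group("src"), match.group("arg"), specs))
    return hits

# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    "2025-08-20 10:15:03 [192.0.2.10] USER anonymous",
    "2025-08-20 10:15:09 [192.0.2.44] USER %s%s%s%s",
    "2025-08-20 10:15:11 [192.0.2.44] user guest%08x%n",
    "2025-08-20 10:16:40 [192.0.2.10] USER 100%%sure",
    "2025-08-20 10:16:41 [192.0.2.10] PASS %s",
]

if __name__ == "__main__":
    for src, arg, specs in suspicious_user_commands(SAMPLE_LOG):
        print(f"ALERT client={src} USER argument {arg!r} contains {specs}")
```

Pairing these hits with an alert on sfsservice.exe terminating shortly afterwards separates probing from a successful crash.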
No detection rules found.
No writeups or analysis indexed.
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ftp/solarftp_user.rb
- https://web.archive.org/web/20111009122553/http://solarftp.com/blog/news/solar-ftp-server-2-1-2.html
- https://web.archive.org/web/20111102141514/https://solarftp.com/
- https://www.exploit-db.com/exploits/16204
- https://www.vulncheck.com/advisories/solar-ftp-server-malformed-user-dos