Description
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
References
- EXPLOIThttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
- EXPLOIThttps://www.exploit-db.com/exploits/11293
- MISChttps://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681
- MISChttps://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html
- MISChttps://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt
- MISChttps://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html
- VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption