Primary

Context

MiniFtp Buffer Overflow Vulnerability in Configuration Parser Allows Local Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in MiniFtp, specifically within the 'parseconf_load_setting' function. This vulnerability allows local attackers to execute arbitrary code by providing oversized configuration values. Attackers can create a 'miniftpd.conf' file with values exceeding 128 bytes, which can overflow stack buffers, overwrite the return address, and enable code execution with root privileges.

Impact

Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution with root privileges.

Reproduction

The vulnerability can be reproduced by crafting a 'miniftpd.conf' file that includes values longer than 128 bytes. When MiniFtp processes this configuration file, the oversized values will overflow the stack buffers. This can be done manually or by using an exploit that automates the process, such as the one available on Exploit Database.

Added: Mar 22, 2026, 2:24 PM

Updated: Mar 22, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.5

remediation

0.0

relevance

4.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.5

remediation

0.0

relevance

4.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiniFtp Buffer Overflow Vulnerability in Configuration Parser Allows Local Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating