CVE-2001-0965 in glFTPD
Summary
by MITRE
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 10/01/2025
The vulnerability identified as CVE-2001-0965 affects glFTPD version 1.23, a popular FTP server implementation widely used in Unix-like operating systems during the early 2000s. This flaw represents a classic denial of service condition that specifically targets the server's handling of the LIST command, which is fundamental to FTP operations for directory listing. The vulnerability demonstrates how seemingly benign user input can be exploited to consume excessive system resources and disrupt service availability.
The technical flaw resides in the improper validation and processing of the LIST command argument within glFTPD's parsing logic. When an attacker submits a LIST command containing a large number of asterisk characters, the server's internal pattern matching algorithm becomes overwhelmed. Each asterisk character triggers a recursive search operation that exponentially increases computational complexity, leading to sustained high CPU utilization. This behavior stems from inadequate input sanitization and the absence of reasonable limits on wildcard character processing within the FTP command handling routine.
The operational impact of this vulnerability extends beyond simple service disruption as it can effectively render the FTP server completely unresponsive to legitimate users. Attackers can maintain the denial of service condition for extended periods by keeping the CPU consumption at elevated levels, making it particularly dangerous in environments where FTP services are critical for business operations. The vulnerability affects systems where glFTPD 1.23 is deployed and can be exploited remotely without requiring authentication, making it a significant security concern for network administrators.
This vulnerability aligns with CWE-400, which addresses "Uncontrolled Resource Consumption," and demonstrates characteristics consistent with the ATT&CK technique T1499.004 for "Endpoint Denial of Service." The flaw represents a resource exhaustion attack where the attacker leverages the server's legitimate functionality to consume computational resources. Organizations should implement immediate mitigations including updating to patched versions of glFTPD, implementing rate limiting on FTP command processing, and configuring firewall rules to restrict excessive command processing. Additionally, monitoring for unusual CPU patterns and implementing intrusion detection systems can help identify exploitation attempts. The vulnerability highlights the importance of proper input validation and resource management in network services, particularly those handling user-supplied data through standard protocols.