CVE-2004-0340 in wftpd
Summary
by MITRE
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
Analysis
by VulDB Data Team • 10/11/2025
The vulnerability identified as CVE-2004-0340 represents a critical stack-based buffer overflow flaw affecting multiple versions of WFTPD Pro Server and standard WFTPD Server software. This vulnerability specifically impacts versions 3.21 Release 1, 3.20 Release 2, and 3.10, creating a significant security risk for systems running these outdated FTP server implementations. The flaw manifests when the affected servers process certain FTP commands, particularly LIST, NLST, and STAT commands, which are fundamental operations in file transfer protocols that allow clients to list directory contents or retrieve file status information.
The technical nature of this vulnerability stems from improper input validation within the FTP server's command processing routines. When local users submit excessively long arguments to the LIST, NLST, or STAT commands, the server fails to bounds-check the incoming data before copying it into fixed-size stack buffers. This classic buffer overflow condition occurs because the implementation does not verify that the length of user-supplied input fits within the allocated buffer space, allowing maliciously crafted input to overwrite adjacent memory locations on the stack. The overflow can potentially overwrite return addresses, function pointers, and other critical program state information, providing attackers with the opportunity to redirect program execution flow.
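The missing length check described above, shown as an added example (this is not WFTPD's code, which does not appear on this page): a parser that copies a LIST, NLST or STAT argument into a fixed-size buffer only after confirming it fits, and rejects the command otherwise. The function names, result codes and the 64-byte buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum parse_result { PARSE_OK = 0, PARSE_NOT_LISTING = 1, PARSE_TOO_LONG = 2 };

/* Case-insensitive match of a command verb followed by a separator or end of line. */
static int is_cmd(const char *line, const char *cmd)
{
    size_t i;
    for (i = 0; cmd[i] != '\0'; i++)
        if (toupper((unsigned char)line[i]) != cmd[i]) return 0;
    return line[i] == ' ' || line[i] == '\0' || line[i] == '\r' || line[i] == '\n';
}

/* Copy the argument of a LIST/NLST/STAT line into out[outsz] (hypothetical helper).
 * The unsafe pattern is strcpy(out, arg) with no check of the argument length. */
enum parse_result parse_listing_arg(const char *line, char *out, size_t outsz)
{
    static const char *cmds[] = { "LIST", "NLST", "STAT" };
    const char *arg = NULL;
    size_t i, len;

    if (outsz == 0) return PARSE_TOO_LONG;
    for (i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
        if (is_cmd(line, cmds[i])) { arg = line + 4; break; }
    if (arg == NULL) return PARSE_NOT_LISTING;

    while (*arg == ' ') arg++;               /* skip separator spaces */
    len = strcspn(arg, "\r\n");              /* argument ends at CRLF or NUL */
    if (len >= outsz) return PARSE_TOO_LONG; /* reject: no room for data + NUL */
    memcpy(out, arg, len);
    out[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char path[64];                           /* assumed buffer size */
    char longline[600];                      /* constructed over-long NLST line */
    memset(longline, 'A', sizeof longline - 1);
    memcpy(longline, "NLST ", 5);
    longline[sizeof longline - 1] = '\0';
    printf("%d\n", parse_listing_arg("LIST /pub\r\n", path, sizeof path));
    printf("%d\n", parse_listing_arg(longline, path, sizeof path));
    return 0;
}
```

Rejecting the over-long command, rather than truncating it, also gives the server a distinct event to log when monitoring for abnormal LIST, NLST or STAT arguments.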
From an operational perspective, this vulnerability presents a severe risk to systems where WFTPD servers are deployed, particularly in enterprise environments where local user access might be granted to individuals who could exploit this weakness. The local privilege escalation aspect means that attackers with legitimate access to the system can leverage this vulnerability to execute arbitrary code with the privileges of the FTP server process. This could lead to complete system compromise, data exfiltration, or the establishment of persistent backdoors. The impact extends beyond immediate code execution, as successful exploitation could allow attackers to gain unauthorized access to sensitive data, modify system configurations, or use the compromised server as a launch point for further attacks within the network infrastructure.
Security practitioners should note that this vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which is categorized under the Common Weakness Enumeration framework as a fundamental flaw in memory management practices. The attack vector follows patterns consistent with the ATT&CK framework's privilege escalation techniques, specifically targeting the execution of malicious code through buffer overflow exploitation. Organizations should prioritize immediate remediation by upgrading to patched versions of the WFTPD software or implementing network segmentation to limit local user access to FTP server processes. Additionally, monitoring for suspicious FTP command sequences and implementing proper input validation measures can help detect and prevent exploitation attempts, while regular security assessments should verify that no other similar vulnerabilities exist within legacy FTP server implementations.