CVE-2010-20115

Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption

Description

Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.

INFO

Published Date :

2025-08-21T20:15:15.812Z

Last Modified :

2025-08-21T20:53:36.121Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2010-20115 vulnerability.

Vendors	Products
Arcane Software	Vermillion Ftp Daemon
Microsoft	Windows

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2010-20115.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html
https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681
https://www.exploit-db.com/exploits/11293
https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html
https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability