QwikSec

Security Database

CVE

CWE

Training

CVE-2011-10029

Published: Aug 20, 2025

Modified: May 15, 2026

PUBLISHED

Description

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.

Vendor	Product	Versions
Flexbyte Software	Solar FTP Server	affected `0 - <= 2.1.1`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ftp/solarftp_user.rb

exploit

https://www.exploit-db.com/exploits/16204

exploit

https://web.archive.org/web/20111102141514/https://solarftp.com/

product

https://web.archive.org/web/20111009122553/http://solarftp.com/blog/news/solar-ftp-server-2-1-2.html

vendor-advisory

patch

https://www.vulncheck.com/advisories/solar-ftp-server-malformed-user-dos

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.