Titan FTP Server version 3.01 build 163 (and possibly other older versions) contains a vulnerability where disconnecting during a LIST -L command may crash the daemon. Remote attackers can cause denial of service by initiating a LIST -L command and then abruptly disconnecting, leading to server instability.
PoC代码[已公开]
id: CVE-2004-0437
info:
name: Titan FTP Server 3.01 - DoS via LIST Command Disconnection
author: pussycat0x
severity: medium
description: |
Titan FTP Server version 3.01 build 163 (and possibly other older versions) contains a vulnerability where disconnecting during a LIST -L command may crash the daemon. Remote attackers can cause denial of service by initiating a LIST -L command and then abruptly disconnecting, leading to server instability.
reference:
- http://marc.info/?l=bugtraq&m=108378048513596&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16057
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss-score: 5
cve-id: CVE-2004-0437
epss-score: 0.00849
epss-percentile: 0.74156
cpe: cpe:2.3:a:south_river_technologies:titan_ftp_server:3.01_build_163:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: south_river_technologies
product: titan_ftp_server
shodan-query: product:"Titan ftpd"
tags: cve,cve2004,network,ftp,titan-ftp,tcp,passive,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Titan')"
- "contains(version, '3.01')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Titan FTP Server ([0-9.]+)"
# digest: 4a0a00473045022008b461b31584c832494d8347534d8274063b6ce01791153b82436b345a5cf0b8022100dcb53c9c244c920a6bb195c7de35adb41f23539c0b5c147bbe069de65da51129:922c64590222798bb761d5b6d8e72950