Titan FTP versions ≤ 3.21 contain heap overflow vulnerabilities when processing long FTP commands such as CWD, STAT, or LIST. Remote attackers can cause denial of service (daemon crash) by sending excessively long arguments to these commands, potentially leading to server instability.
PoC代码[已公开]
id: CVE-2004-1641
info:
name: Titan FTP ≤ 3.21 - Heap Overflow via Long Commands
author: pussycat0x
severity: medium
description: |
Titan FTP versions ≤ 3.21 contain heap overflow vulnerabilities when processing long FTP commands such as CWD, STAT, or LIST. Remote attackers can cause denial of service (daemon crash) by sending excessively long arguments to these commands, potentially leading to server instability.
reference:
- http://marc.info/?l=bugtraq&m=109396159332523&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17172
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss-score: 5
cve-id: CVE-2004-1641
epss-score: 0.00881
epss-percentile: 0.74659
cpe: cpe:2.3:a:south_river_technologies:titan_ftp_server:2.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: south_river_technologies
product: titan_ftp_server
shodan-query: product:"Titan ftpd"
tags: cve,cve2004,network,ftp,titan-ftp,tcp,passive,heap-overflow,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Titan')"
- "compare_versions(version, '<= 3.21')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Titan FTP Server ([0-9.]+)"
# digest: 490a0046304402207306705edf9a50bca43ac1aa124af53d1c79820b36008279d35b5b18509ca98a022062310affe951192737569f8ff2f87cb0d042b48478ce54a3799a3c24274190e7:922c64590222798bb761d5b6d8e72950