Titan FTP Server versions 6.03 and 6.05 (builds) contain multiple heap-based buffer overflow vulnerabilities. Remote attackers can cause denial of service (daemon crash) or potentially execute arbitrary code by sending excessively long USER, PASS, or other FTP commands that trigger heap overflows.
PoC代码[已公开]
id: CVE-2008-0702
info:
name: Titan FTP Server 6.03 and 6.0.5.549 - Heap Overflow via Long Commands
author: pussycat0x
severity: critical
description: |
Titan FTP Server versions 6.03 and 6.05 (builds) contain multiple heap-based buffer overflow vulnerabilities. Remote attackers can cause denial of service (daemon crash) or potentially execute arbitrary code by sending excessively long USER, PASS, or other FTP commands that trigger heap overflows.
reference:
- http://securityreason.com/securityalert/3639
- http://www.vupen.com/english/advisories/2008/0393
- https://www.exploit-db.com/exploits/5036
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
cvss-score: 9.3
cve-id: CVE-2008-0702
cwe-id: CWE-119
epss-score: 0.02993
epss-percentile: 0.86036
cpe: cpe:2.3:a:south_river_technologies:titan_ftp_server:6.0.5.549:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: south_river_technologies
product: titan_ftp_server
shodan-query: product:"Titan ftpd" version:"16.00.2672"
tags: cve,cve2008,network,ftp,titan-ftp,tcp,passive,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Titan')"
- "contains(version, '6.03') || contains(version, '6.0.5.549')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Titan FTP Server ([0-9.]+)"
# digest: 4a0a00473045022029fa7388fe32557889a180f8f3731845b2c024c6843e9440ad9160f96d1f1ad5022100a97cd80521504dc945c82f663de435f304dc9ec4e902e299a8b9e46c977c7e6e:922c64590222798bb761d5b6d8e72950