Titan FTP Server version 6.05 build 550 contains a heap overflow vulnerability when processing long DELE commands. Remote attackers can cause denial of service (daemon crash) or potentially execute arbitrary code by sending excessively long arguments to the DELE command.
PoC code [publicly available]
id: CVE-2008-5281

info:
  name: Titan FTP Server 6.05 DELE Command - Heap Overflow
  author: pussycat0x
  severity: critical
  description: |
    Titan FTP Server version 6.05 build 550 contains a heap overflow vulnerability when processing long DELE commands. Remote attackers can cause denial of service (daemon crash) or potentially execute arbitrary code by sending excessively long arguments to the DELE command.
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10
    cve-id: CVE-2008-5281
    cwe-id: CWE-119
    epss-score: 0.01694
    epss-percentile: 0.81615
    cpe: cpe:2.3:a:south_river_technologies:titan_ftp_server:6.05:build_550:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: south_river_technologies
    product: titan_ftp_server
    shodan-query: product:"Titan FTP"
  tags: cve,cve2008,network,ftp,titan-ftp,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Titan')"
          - "contains(version, '6.05')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Titan FTP Server ([0-9.]+)"
# digest: 4a0a004730450221009a5cba5c59f679f9f413188762ab982e9c41f13c0a00545b4bfde8ef69571b44022071c7155930d5b3a77aacbb68f02a1796aa557bc1b53fec266d648a8ff2e5d137:922c64590222798bb761d5b6d8e72950