ProFTPD versions before 1.3.3c contain directory traversal vulnerabilities in the mod_site_misc module. The vulnerability allows attackers to traverse directories and potentially overwrite arbitrary files on the system through crafted input to commands like SITE MKDIR and other SITE commands.
PoC代码[已公开]
id: CVE-2010-3867
info:
name: ProFTPD < 1.3.3c - Directory Traversal via mod_site_misc
author: pussycat0x
severity: high
description: |
ProFTPD versions before 1.3.3c contain directory traversal vulnerabilities in the mod_site_misc module. The vulnerability allows attackers to traverse directories and potentially overwrite arbitrary files on the system through crafted input to commands like SITE MKDIR and other SITE commands.
reference:
- http://bugs.proftpd.org/show_bug.cgi?id=3519
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050687.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050703.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050726.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.498209
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:H/Au:S/C:C/I:C/A:C
cvss-score: 7.1
cve-id: CVE-2010-3867
cwe-id: CWE-22
epss-score: 0.00311
epss-percentile: 0.53799
cpe: cpe:2.3:a:proftpd:proftpd:1.2.10:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: proftpd
product: proftpd
shodan-query:
- product:"proftpd"
- cpe:"cpe:2.3:a:proftpd:proftpd"
tags: cve,cve2010,network,ftp,proftpd,tcp,passive,lfi,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'ProFTPD')"
- "compare_versions(version, '< 1.3.3c')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "ProFTPD ([0-9.a-z]+)"
# digest: 4a0a004730450221008a68744f2797a80f8cacffb508207ac0765164e4e5602ca7a83220abc22e7b0b022045ebe30a4cb3d563f270c4e3126035bf99e6921c1a83df68b2e733494dff5a14:922c64590222798bb761d5b6d8e72950