Pure-FTPd versions prior to 1.0.50 are vulnerable to resource exhaustion leading to denial of service. The vulnerability occurs in the listdir() function when processing crafted LIST commands, causing stack exhaustion that can crash the FTP server.
PoC code [public]
id: CVE-2019-20176

info:
  name: Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd versions prior to 1.0.50 are vulnerable to resource exhaustion leading to denial of service. The vulnerability occurs in the listdir() function when processing crafted LIST commands, causing stack exhaustion that can crash the FTP server.
  reference:
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2019-20176
    cwe-id: CWE-400
    epss-score: 0.22328
    epss-percentile: 0.95562
    cpe: cpe:2.3:a:pureftpd:pure-ftpd:1.0.49:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: pureftpd
    product: pure-ftpd
    shodan-query:
      - product:"pure-ftpd" version:"1.0.45"
      - cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
  tags: cve,cve2019,network,ftp,pure-ftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024
    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '< 1.0.50')"
        condition: and
    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4a0a0047304502206928b2d9c982920d409c9e5e9d712255dea52f6ac78ed50dda38ed0805c260a6022100d2a06f027385ad85c44378a710133bfe6e2f4eaeccec67d2821a0dbdcb8b9ba8:922c64590222798bb761d5b6d8e72950
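The template's matcher is a passive banner check: it extracts the version with the regex above and compares it against 1.0.50. The Python below is an added example, not part of the template or of Pure-FTPd; it applies the same logic to banners already collected from your own hosts and separates out banners that name Pure-FTPd but carry no version, for which the version comparison has nothing to work with. The host names, banners and function names are constructed for illustration.

```python
import re

VERSION_RE = re.compile(r"Pure-FTPd ([0-9.]+)")  # same pattern as the template's extractor
FIXED = (1, 0, 50)  # per the page: versions prior to 1.0.50 are affected


def parse_version(text):
    """Turn '1.0.49' into (1, 0, 49); return None if it is not a dotted number."""
    parts = text.strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify_banner(banner):
    """Return 'affected', 'fixed', 'unknown' (no usable version) or 'other'."""
    if "Pure-FTPd" not in banner:
        return "other"
    match = VERSION_RE.search(banner)
    version = parse_version(match.group(1)) if match else None
    if version is None:
        return "unknown"  # confirm the installed version from package inventory
    # Pad short versions so '1.0' compares as (1, 0, 0); compare numerically,
    # because a string comparison would rank '1.0.9' above '1.0.50'.
    padded = version + (0,) * (len(FIXED) - len(version))
    return "affected" if padded < FIXED else "fixed"


def triage(banners):
    """Map each host to its classification."""
    return {host: classify_banner(banner) for host, banner in banners.items()}


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = {
    "ftp-a.example.internal": "220---------- Welcome to Pure-FTPd 1.0.49 [privsep] [TLS] ----------\r\n",
    "ftp-b.example.internal": "220 Welcome to Pure-FTPd 1.0.50\r\n",
    "ftp-c.example.internal": "220 Pure-FTPd 1.0.9 ready.\r\n",
    "ftp-d.example.internal": "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n",
    "ftp-e.example.internal": "220 FTP server ready.\r\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{host}: {status}")
```

A result of `unknown` means the banner alone cannot settle the question, so the host still needs its installed package version checked. A banner match in either direction reflects only the advertised version string, not whether a distribution has backported the fix.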