CVE-2020-9274: Pure-FTPd ≤ 1.0.49 - DoS via Uninitialized Pointer

日期: 2025-08-01 | 影响软件: Pure-FTPd | POC: 已公开

漏洞描述

Pure-FTPd versions ≤ 1.0.49 (>= ~0.96) contain a vulnerability in the init_aliases() function within diraliases.c when processing aliases. This leads to access of an uninitialized pointer, which can cause a denial of service (DoS) condition.

PoC代码[已公开]

id: CVE-2020-9274

info:
  name: Pure-FTPd ≤ 1.0.49 - DoS via Uninitialized Pointer
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd versions ≤ 1.0.49 (>= ~0.96) contain a vulnerability in the init_aliases() function within diraliases.c when processing aliases. This leads to access of an uninitialized pointer, which can cause a denial of service (DoS) condition.
  reference:
    - https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
    - https://security.gentoo.org/glsa/202003-54
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-9274
    cwe-id: CWE-824
    epss-score: 0.21014
    epss-percentile: 0.95397
    cpe: cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: pureftpd
    product: pure-ftpd
    shodan-query:
      - product:"pure-ftpd" version:"1.0.49"
      - cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
  tags: cve,cve2020,network,ftp,pure-ftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"

    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '<= 1.0.49')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4a0a0047304502206a071ba9225527eb16b819e77233b35ba0d4b2e7cb3b0de64f198d4cd4b7fd44022100c7484a1f2146479b75a9049b63f4934801159e5844a5aca739ebafa3c4754680:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2020/CVE-2020-9274.yaml

相关漏洞推荐