漏洞描述
Pure-FTPd versions 1.0.23 through 1.0.49 contain an arbitrary file upload vulnerability due to max_filesize quota issue, allowing large or unbounded file uploads that can cause server hang or resource exhaustion.
CVE-2021-40524: Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload
PoC代码[已公开]
id: CVE-2021-40524
info:
name: Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload
author: pussycat0x
severity: high
description: |
Pure-FTPd versions 1.0.23 through 1.0.49 contain an arbitrary file upload vulnerability due to max_filesize quota issue, allowing large or unbounded file uploads that can cause server hang or resource exhaustion.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2021-40524
cwe-id: CWE-434
epss-score: 0.21104
epss-percentile: 0.95408
cpe: cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: pureftpd
product: pure-ftpd
shodan-query:
- product:"pure-ftpd" version:"1.0.45"
- cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
tags: cve,cve2021,network,ftp,pure-ftpd,tcp,passive,vuln
tcp:
- inputs:
- data: 00000000
type: hex
host:
- "{{Hostname}}"
port: 21
read-size: 1024
matchers:
- type: dsl
dsl:
- "contains(raw, 'Pure-FTPd')"
- "compare_versions(version, '> 1.0.23 ', '<= 1.0.50')"
condition: and
extractors:
- type: regex
group: 1
name: version
regex:
- "Pure-FTPd ([0-9.]+)"
# digest: 490a0046304402203ec444be84ca5fe8c6ccd7abd44f3f1c7d9cd514f417976f2be0f3c9111cc96102202b792af603cc4ea2c4e062c28497fe21c2744da38e57eece0f333a4a7b98cb9a:922c64590222798bb761d5b6d8e72950