CVE-2004-1641
published 2004-08-29
Priority P427 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.24% (94.2th percentile)
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
GHSA
GHSA-m434-vxwp-c3vg: Multiple heap-based buffer overflows in Titan FTP Server 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2008-0702 [MEDIUM] CWE-119 GHSA-m434-vxwp-c3vg: Multiple heap-based buffer overflows in Titan FTP Server 6
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
GHSA
GHSA-pfgr-89g7-q7q8: Heap-based buffer overflow in Titan FTP 3
ghsa_unreviewed·2022-04-29
CVE-2004-1641 [MEDIUM] GHSA-pfgr-89g7-q7q8: Heap-based buffer overflow in Titan FTP 3
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
No detection rules found.
Exploit-DB
Titan FTP Server - Long Command Heap Overflow
exploitdb·2004-08-31
CVE-2004-1641 Titan FTP Server - Long Command Heap Overflow
---
/*
*
* titanftp.c - TiTan FTP Server Long Command Heap Overflow PoC Exploit
*
* Copyright (C) 2000-2004 HUC All Rights Reserved.
*
* Author : lion
* : lion cnhonker net
* : www cnhonker com
* Date : 2004-08-30
*
*/
#include
#include
#include
#pragma comment(lib, "ws2_32.lib")
#define FTPPORT 21
#define BUFFSIZE 204800
#define OVERFLOWSIZE 20480
#define SIZE 2048
// function
int create_socket();
int client_connect(int sockfd,char* server,int port);
int writebuf(char *s,int socket,char *buffer,int len);
int readbuf(char *s,int socket,char *buffer,int len);
void checkstatus(char *s);
void loginftp(SOCKET sockfd, char *user, char *pass);
int show = 1;
char recvbuf[BUFFSIZE];
char sendbuf[BUFFSIZE];
void main(int argc, char *argv[])
{
WSA
Nuclei
Titan FTP ≤ 3.21 - Heap Overflow via Long Commands
nuclei·CVSS 5.0
CVE-2004-1641 [MEDIUM] Titan FTP ≤ 3.21 - Heap Overflow via Long Commands
Titan FTP versions ≤ 3.21 contain heap overflow vulnerabilities when processing long FTP commands such as CWD, STAT, or LIST. Remote attackers can cause denial of service (daemon crash) by sending excessively long arguments to these commands, potentially leading to server instability.
Template:
id: CVE-2004-1641

info:
  name: Titan FTP ≤ 3.21 - Heap Overflow via Long Commands
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP versions ≤ 3.21 contain heap overflow vulnerabilities when processing long FTP commands such as CWD, STAT, or LIST. Remote attackers can cause denial of service (daemon crash) by sending excessively long arguments to these commands, potentially leading to server instability.
  impact: |
    Attackers can trigger
No writeups or analysis indexed.
References:
http://marc.info/?l=bugtraq&m=109396159332523&w=2
http://secunia.com/advisories/12419
http://www.securityfocus.com/bid/11069
https://exchange.xforce.ibmcloud.com/vulnerabilities/17172
Published: 2004-08-29