CVE-2008-0702
Published 2008-02-12
CVE-2008-0702: Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and…
Priority: P347 | Severity: critical | CVSS 2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.71% (93.9th percentile)
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| south_river_technologies | titan_ftp_server | — | — |
| south_river_technologies | titan_ftp_server | — | — |
| titan | ftp_server | — | — |
GHSA
GHSA-m434-vxwp-c3vg: Multiple heap-based buffer overflows in Titan FTP Server 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2008-0702 [MEDIUM] CWE-119 GHSA-m434-vxwp-c3vg: Multiple heap-based buffer overflows in Titan FTP Server 6
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
GHSA
GHSA-79j3-hc9x-7c9p: Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0725 [CRITICAL] CWE-119 GHSA-79j3-hc9x-7c9p: Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6
Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702.
No detection rules found.
Exploit-DB
Titan FTP Server 6.03 - 'USER/PASS' Remote Heap Overflow (PoC)
exploitdb·2008-02-02
CVE-2008-0702 Titan FTP Server 6.03 - 'USER/PASS' Remote Heap Overflow (PoC)
---
#Titan FTP SERVER REMOTE HEAP OVERFLOW(USER/PASS)
#Impact : Critical
#
# Windbg Output:
#(bec.528): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=41414141 ebx=00000000 ecx=07e415f4 edx=00000000 esi=41414141 edi=07e415f4
#eip=004bbafa esp=06e4fb38 ebp=06e4fb5c iopl=0 nv up ei pl nz na po nc
#cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
#srxTitan+0xbbafa:
#004bbafa 8930 mov [eax],esi ds:0023:41414141=????????
#
# When reconnecting :
#
#(bec.c60): Access violation - code c0000005 (first chance)
#First chance exceptions are reported before any exception handling.
#This exception may be expec
Nuclei
Titan FTP Server 6.03 and 6.0.5.549 - Heap Overflow via Long Commands
nuclei·CVSS 9.3
CVE-2008-0702 [CRITICAL] Titan FTP Server 6.03 and 6.0.5.549 - Heap Overflow via Long Commands
Titan FTP Server versions 6.03 and 6.05 (builds) contain multiple heap-based buffer overflow vulnerabilities. Remote attackers can cause denial of service (daemon crash) or potentially execute arbitrary code by sending excessively long USER, PASS, or other FTP commands that trigger heap overflows.
Template:
id: CVE-2008-0702
info:
  name: Titan FTP Server 6.03 and 6.0.5.549 - Heap Overflow via Long Commands
  author: pussycat0x
  severity: critical
  description: |
    Titan FTP Server versions 6.03 and 6.05 (builds) contain multiple heap-based buffer overflow vulnerabilities. Remote attackers can cause denial of service (daemon crash) or potentially execute arbitrary code by sending excessively long USER, PASS, or other FTP com
No writeups or analysis indexed.
References:
http://secunia.com/advisories/28760
http://securityreason.com/securityalert/3639
http://www.securityfocus.com/archive/1/487431/100/0/threaded
http://www.securityfocus.com/bid/27568
http://www.vupen.com/english/advisories/2008/0393
https://www.exploit-db.com/exploits/5036
Published: 2008-02-12