CVE-2019-18217
Published 2019-10-21
- Priority: P2 (61)
- CVSS 3.1: 7.5 (high), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- EPSS: 19.51% (97.0th percentile)
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.6a-2 (bookworm) | proftpd-dfsg 1.3.6a-2 (bookworm) |
| proftpd | proftpd | <= 1.3.5 | — |
| proftpd | proftpd | — | — |
| proftpd | proftpd | — | — |
Detection & IOCs (extracted from sources)
- Banner-grab FTP port 21 and extract the ProFTPD version string; flag any version less than 1.3.6b (or 1.3.7rc2 for rc builds) as vulnerable.
- Use Shodan queries 'product:"proftpd"' or 'cpe:"cpe:2.3:a:proftpd:proftpd"' to identify exposed ProFTPD instances for targeted scanning.
- The vulnerability manifests as an infinite loop in a child process of main.c when an overly long FTP command is received; monitor for hung/zombie ProFTPD child processes consuming CPU without completing.
- Trigger condition is sending an overly long FTP command before authentication; detect anomalously large pre-auth FTP command payloads on port 21/TCP.
- The Nuclei template sends a 4-byte hex payload (00000000) to port 21 and matches only on the ProFTPD banner string plus version comparison; this is a passive/version-check approach and does not actively trigger the infinite loop.
- The FTP server is deactivated in the default configuration of the affected Siemens SIMATIC CP 1543-1 device; exploitation requires the embedded FTP server to be explicitly enabled.
- No known public exploits specifically target these vulnerabilities at time of advisory publication.
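As an added defender-side example (not code from this page or the ProFTPD project), the Python below classifies a ProFTPD greeting banner against the fix boundary stated above, 1.3.6b for release builds and 1.3.7rc2 for the 1.3.7 release candidates, so an inventory of your own hosts can be triaged. The `grab_banner` helper and the sample greetings are constructed for this example; a server configured with `ServerIdent off` hides its version and is reported as unknown rather than guessed.

```python
import re
import socket

# Added example: CVE-2019-18217 fix boundary is 1.3.6b, and 1.3.7rc2 for the
# 1.3.7 release candidates. "rc" is tried before the single-letter suffix so
# that "1.3.7rc1" is not mis-read as "1.3.7r".
_VERSION_RE = re.compile(
    r"ProFTPD\s+(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?", re.IGNORECASE)


def parse_version(banner):
    """Return (major, minor, patch, letter, rc) from a 220 greeting, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, rc, letter = m.groups()
    return (int(major), int(minor), int(patch),
            (letter or "").lower(), int(rc) if rc else None)


def is_vulnerable(version):
    major, minor, patch, letter, rc = version
    # The 1.3.7 release candidates were fixed in rc2, so only rc1 is affected.
    if (major, minor, patch) == (1, 3, 7) and rc is not None:
        return rc < 2
    # Release candidates sort below the bare release; letter suffixes sort above it.
    key = (major, minor, patch, -1 if rc is not None else 0, letter)
    return key < (1, 3, 6, 0, "b")


def classify_banner(banner):
    """Return 'vulnerable', 'fixed' or 'unknown' (not ProFTPD, or version hidden)."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "fixed"


def grab_banner(host, port=21, timeout=5.0):
    """Read the FTP greeting from a host you are authorised to inspect (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(512).decode("ascii", "replace")


if __name__ == "__main__":
    # Constructed sample greetings; no real host is contacted here.
    for banner in ("220 ProFTPD 1.3.5e Server (ProFTPD Default Installation)",
                   "220 ProFTPD 1.3.7rc1 Server ready.",
                   "220 ProFTPD 1.3.6b Server ready.",
                   "220 FTP server ready."):
        print(f"{classify_banner(banner):10s} {banner}")
```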
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
CISA ICS
[CRITICAL] Siemens SIMATIC CP 1543-1
cisa_ics · 2020-02-11 · CVSS 9.8
ICS Advisory ICSA-20-042-03, last revised February 11, 2020
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SIMATIC CP 1543-1
- Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure without authentication, or unauthenticated denial of service.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versi
Debian
[HIGH] CVE-2019-18217: proftpd-dfsg - ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated ...
vendor_debian · 2019 · CVSS 7.5
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
Scope: local
bookworm: resolved (fixed in 1.3.6a-2)
bullseye: resolved (fixed in 1.3.6a-2)
forky: resolved (fixed in 1.3.6a-2)
sid: resolved (fixed in 1.3.6a-2)
trixie: resolved (fixed in 1.3.6a-2)
GHSA
[HIGH] CWE-835 GHSA-5446-jrwr-x7c6: ProFTPD before 1
ghsa_unreviewed · 2022-05-24
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
OSV
[HIGH] CVE-2019-18217: ProFTPD before 1
osv · 2019-10-21 · CVSS 7.5
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
No detection rules found.
Nuclei
[HIGH] ProFTPD < 1.3.6b - Remote Unauthenticated DoS
nuclei · CVSS 7.5
ProFTPD versions before 1.3.6b and various pre-release versions (1.3.7rc before 1.3.7rc2) are vulnerable to remote unauthenticated denial of service. The vulnerability occurs when processing overly long commands, causing an infinite loop in a child process that can crash the server.
Template:
```yaml
id: CVE-2019-18217

info:
  name: ProFTPD < 1.3.6b - Remote Unauthenticated DoS
  author: pussycat0x
  severity: high
  description: |
    ProFTPD versions before 1.3.6b and various pre-release versions (1.3.7rc before 1.3.7rc2) are vulnerable to remote unauthenticated denial of service. The vulnerability occurs when processing overly long commands, causing an infinite loop in a child process that can crash the server.
  impact: |
    Unauthenticated attackers can send o
```
Bugzilla
[HIGH] CVE-2019-18217 proftpd: denial of service due to incorrect handling of long command
bugzilla · 2019-10-23 · CVSS 7.5
A vulnerability was found in ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 that allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
Reference:
https://github.com/proftpd/proftpd/blob/master/NEWS
https://github.com/proftpd/proftpd/issues/846
https://github.com/proftpd/proftpd/blob/1.3.6/NEWS
https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
Discussion:
Created proftpd tracking bugs for this issue:
Affects: epel-all [bug 1764417]
Affects: fedora-all [bug 1764416]
---
This CVE Bugzilla entry is for community support informational p
Bugzilla
[HIGH] CVE-2019-18217 proftpd: denial of service due to incorrect handling of long command [fedora-all]
bugzilla · 2019-10-23 · CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
[HIGH] CVE-2019-18217 proftpd: denial of service due to incorrect handling of long command [epel-all]
bugzilla · 2019-10-23 · CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf
- https://github.com/proftpd/proftpd/blob/1.3.6/NEWS
- https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES
- https://github.com/proftpd/proftpd/blob/master/NEWS
- https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
- https://github.com/proftpd/proftpd/issues/846
- https://lists.debian.org/debian-lts-announce/2019/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJDQRVZTILBX4BUCTIRKP2WBHDHDCJR5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/
- https://seclists.org/bugtraq/2019/Nov/7
- https://security.gentoo.org/glsa/202003-35
- https://www.debian.org/security/2019/dsa-4559