id: CVE-2004-0656

info:
  name: Pure-FTPd ≤ 1.0.18 - DoS via Connection Limit Exhaustion
  author: pussycat0x
  severity: medium
  description: |
    Pure-FTPd versions ≤ 1.0.18 are vulnerable to denial of service through connection limit exhaustion. The vulnerability occurs in the accept_client function when the maximum number of connections is exceeded, potentially causing the server to become unresponsive or crash.
  impact: |
    Attackers can exhaust server connections by sending large numbers of simultaneous connection requests, causing Pure-FTPd to become unresponsive or crash.
  remediation: |
    Upgrade Pure-FTPd to version 1.0.19 or later that properly handles connection limit scenarios.
  reference:
    - http://www.pureftpd.org/
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/16611
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
    cvss-score: 5
    cve-id: CVE-2004-0656
    epss-score: 0.00229
    epss-percentile: 0.45742
    cpe: cpe:2.3:a:pureftpd:pureftpd:0.96:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: pureftpd
    product: pureftpd
    shodan-query: product:"Pure-FTPd" version:"1.0.14"
  tags: cve,cve2004,network,ftp,pure-ftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '<= 1.0.18')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4b0a00483046022100b0c9ec515fc48d91ef24c4f9eb7acdcff99c8b8b150720de2b0a574e4e71f54f0221009cea6c3c623d984dc86c1ea22205c8544d51dc18ab3accfd44b8a0294dfb18db:922c64590222798bb761d5b6d8e72950