id: CVE-2004-1641

info:
  name: Titan FTP ≤ 3.21 - Heap Overflow via Long Commands
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP versions ≤ 3.21 contain heap overflow vulnerabilities when processing long FTP commands such as CWD, STAT, or LIST. Remote attackers can cause denial of service (daemon crash) by sending excessively long arguments to these commands, potentially leading to server instability.
  impact: |
    Attackers can trigger heap overflow conditions by sending excessively long FTP commands, causing Titan FTP Server to crash and resulting in denial of service.
  remediation: |
    Upgrade Titan FTP Server to a version later than 3.21 that properly validates command length and prevents heap overflow.
  reference:
    - http://marc.info/?l=bugtraq&m=109396159332523&w=2
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/17172
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
    cvss-score: 5
    cve-id: CVE-2004-1641
    epss-score: 0.0824
    epss-percentile: 0.94188
    cpe: cpe:2.3:a:south_river_technologies:titan_ftp_server:2.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: south_river_technologies
    product: titan_ftp_server
    shodan-query: product:"Titan ftpd"
  tags: cve,cve2004,network,ftp,titan-ftp,tcp,passive,heap-overflow,vuln
tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"

    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Titan')"
          - "compare_versions(version, '<= 3.21')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Titan FTP Server ([0-9.]+)"
# digest: 490a00463044022073dace0172d0e8029f2396fa6b408a228713f02fee3b16d6d090ca32a7d750c902205106d7133ddd9fcf40b5cc7a64ade5e4ae8c5ddf736c17edf6e73617ba426169:922c64590222798bb761d5b6d8e72950