id: CVE-2014-1841

info:
  name: Titan FTP Server < 10.40 Move Function - Directory Traversal
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the Move function. Remote attackers can copy the complete home folder of another user by exploiting the ../ path traversal in the search-bar value, allowing unauthorized access to sensitive user data.
  impact: |
    Unauthenticated attackers can exploit directory traversal in the Move function to copy complete home folders of other users, allowing unauthorized access to sensitive user data stored on the FTP server.
  remediation: |
    Update Titan FTP Server to version 10.40 build 1829 or later that properly validates path parameters in the Move function to prevent directory traversal.
  reference:
    - http://www.exploit-db.com/exploits/31579
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2014-1841
    cwe-id: CWE-22
    epss-score: 0.0379
    epss-percentile: 0.88385
    cpe: cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: southrivertech
    product: titan_ftp_server
    shodan-query: product:"Titan ftpd"
  tags: cve,cve2014,network,ftp,titan-ftp,tcp,passive,lfi,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Titan')"
          - "compare_versions(version, '< 10.40')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Titan FTP Server ([0-9.]+)"
# digest: 4a0a0047304502206c465090eb43e8f603fc1f0b8d2d0b6246a776cde5fec1d237de5cda358539f80221008d9a7794d92afd3ffb197a6d8728662876855215c77e171702156e2a9f05560d:922c64590222798bb761d5b6d8e72950