id: CVE-2021-30047

info:
  name: vsftpd < 3.0.3 - DoS
  author: pussycat0x
  severity: high
  description: |
    vsftpd before 3.0.3 allows remote attackers to cause a denial of service by sending a crafted FTP command.
  impact: |
    Attackers can send crafted FTP commands to crash the vsftpd daemon, causing denial of service and interrupting FTP services for legitimate users.
  remediation: |
    Upgrade to vsftpd version 3.0.3 or later that addresses the denial of service vulnerability.
  reference:
    - https://github.com/kuppamjohari/vsftpd-3.0.3-DoS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2021-30047
    epss-score: 0.33875
    epss-percentile: 0.97047
    cpe: cpe:2.3:a:vsftpd_project:vsftpd:3.0.3:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: vsftpd_project
    product: vsftpd
    shodan-query:
      - vsftpd
      - product:"vsftpd"
  tags: cve,cve2021,network,ftp,vsftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"

    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'vsFTPd')"
          - "compare_versions(version, '< 3.0.3')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "vsFTPd ([0-9.]+)"
# digest: 4a0a00473045022100d5ac9739d8611be8f10c7f0a37d6ed23ebda562917454645fd40797af8c67ea20220758f5c534642ab349f31e6d51987f5a5d2d14c17187250fafb890e52cfee3cba:922c64590222798bb761d5b6d8e72950