id: CVE-2021-40524

info:
  name: Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd versions 1.0.23 through 1.0.49 contain an arbitrary file upload vulnerability due to max_filesize quota issue, allowing large or unbounded file uploads that can cause server hang or resource exhaustion.
  impact: |
    Attackers can bypass max_filesize quotas to upload extremely large files or unlimited files to the FTP server, causing resource exhaustion, disk space exhaustion, and potential denial of service.
  remediation: |
    Upgrade to Pure-FTPd version 1.0.50 or later that properly enforces max_filesize quotas to prevent resource exhaustion attacks.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2021-40524
    cwe-id: CWE-434
    epss-score: 0.30194
    epss-percentile: 0.96767
    cpe: cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: pureftpd
    product: pure-ftpd
    shodan-query:
      - product:"pure-ftpd" version:"1.0.45"
      - cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
  tags: cve,cve2021,network,ftp,pure-ftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"

    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '> 1.0.23 ', '<= 1.0.50')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4b0a00483046022100f5d7b21fe901ade32bbf42ff16507b772aed9b3fef9118fccf2482a906c705ef0221008a166f9bc26710f71940dd0cefb9f35e33621d20b9d64ee6233ff7c224fa17dd:922c64590222798bb761d5b6d8e72950