id: CVE-2024-48208

info:
  name: Pure-FTPd < 1.0.52 - Buffer Overflow
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd versions prior to 1.0.52 contain a buffer overflow vulnerability due to an out-of-bounds read in the domlsd() function within the ls.c file. This vulnerability could allow attackers to execute arbitrary code on affected systems.
  impact: |
    Attackers can trigger a buffer overflow in the domlsd() function through crafted FTP commands, potentially executing arbitrary code on the FTP server and compromising the entire system.
  remediation: |
    Upgrade to Pure-FTPd version 1.0.52 or later that fixes the buffer overflow vulnerability in the domlsd() function.
  reference:
    - https://github.com/jedisct1/pure-ftpd/pull/176
    - https://github.com/rohilchaudhry/CVE-2024-48208
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
    cvss-score: 8.6
    cve-id: CVE-2024-48208
    cwe-id: CWE-125
    epss-score: 0.38569
    epss-percentile: 0.97323
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"Pure-FTPd"
  tags: cve,cve2024,network,ftp,pure-ftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"

    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '< 1.0.52')"
        condition: and

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4a0a004730450221008242ac1ed4df4b77acf2b7d9841d674c7731c9525ceb1039ba2d2b5794d4dd1b022062010afeb8115f2d21b3c8c09f3c32d8990cee221b366513440796b4c6104160:922c64590222798bb761d5b6d8e72950