{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/core-ftp/sftp-server/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Core FTP/SFTP Server"],"_cs_severities":["high"],"_cs_tags":["buffer overflow","denial of service","cve-2019-25654","core ftp","sftp","windows"],"_cs_type":"advisory","_cs_vendors":["Core FTP"],"content_html":"\u003cp\u003eCore FTP/SFTP Server version 1.2 is susceptible to a buffer overflow vulnerability, identified as CVE-2019-25654. This vulnerability allows a remote attacker to crash the FTP service by sending an overly long string to the User domain field. The attack involves pasting a malicious payload containing approximately 7000 bytes of data into the domain configuration, triggering a buffer overflow condition within the application. Successful exploitation of this vulnerability leads to a denial-of-service condition, impacting the availability of the FTP service for legitimate users. This vulnerability was reported in 2019 and continues to pose a risk to unpatched installations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Core FTP/SFTP Server 1.2 instance.\u003c/li\u003e\n\u003cli\u003eAttacker gains access to the domain configuration settings of the Core FTP/SFTP server. This could be through exposed admin panel, or other means.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious payload consisting of an excessively long string (approximately 7000 bytes).\u003c/li\u003e\n\u003cli\u003eAttacker pastes the malicious payload into the User domain field within the server's configuration settings.\u003c/li\u003e\n\u003cli\u003eThe server attempts to process the oversized input without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eA buffer overflow occurs, overwriting adjacent memory regions.\u003c/li\u003e\n\u003cli\u003eThe application's execution is disrupted due to corrupted memory.\u003c/li\u003e\n\u003cli\u003eThe Core FTP/SFTP server crashes, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2019-25654 results in a denial-of-service condition, rendering the Core FTP/SFTP Server 1.2 unavailable. This can disrupt file transfer operations, potentially impacting business processes that rely on the server. While the provided source does not detail specific victim counts or sectors targeted, the vulnerability could affect any organization utilizing the affected version of Core FTP/SFTP Server. The severity is considered high due to the ease of exploitation and the direct impact on service availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Core FTP/SFTP Server to a patched version that addresses CVE-2019-25654 to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement input validation on the User domain field within the server configuration to prevent excessively long strings from being processed. Enable process creation logging and deploy the provided Sigma rule to detect potential exploitation attempts targeting CVE-2019-25654.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-coreftp-buffer-overflow/","summary":"Core FTP/SFTP Server 1.2 is vulnerable to a buffer overflow, allowing attackers to crash the service by providing an excessively long string in the User domain field.","title":"Core FTP/SFTP Server 1.2 Buffer Overflow Vulnerability (CVE-2019-25654)","url":"https://feed.craftedsignal.io/briefs/2024-01-coreftp-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Core FTP/SFTP Server","version":"https://jsonfeed.org/version/1.1"}