<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2019-25654 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2019-25654/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2019-25654/feed.xml" rel="self" type="application/rss+xml"/><item><title>Core FTP/SFTP Server 1.2 Buffer Overflow Vulnerability (CVE-2019-25654)</title><link>https://feed.craftedsignal.io/briefs/2024-01-coreftp-buffer-overflow/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-coreftp-buffer-overflow/</guid><description>Core FTP/SFTP Server 1.2 is vulnerable to a buffer overflow, allowing attackers to crash the service by providing an excessively long string in the User domain field.</description><content:encoded><![CDATA[<p>Core FTP/SFTP Server version 1.2 is susceptible to a buffer overflow vulnerability, identified as CVE-2019-25654. This vulnerability allows a remote attacker to crash the FTP service by sending an overly long string to the User domain field. The attack involves pasting a malicious payload containing approximately 7000 bytes of data into the domain configuration, triggering a buffer overflow condition within the application. Successful exploitation of this vulnerability leads to a denial-of-service condition, impacting the availability of the FTP service for legitimate users. This vulnerability was reported in 2019 and continues to pose a risk to unpatched installations.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a vulnerable Core FTP/SFTP Server 1.2 instance.</li>
<li>Attacker gains access to the domain configuration settings of the Core FTP/SFTP server. This could be through exposed admin panel, or other means.</li>
<li>Attacker crafts a malicious payload consisting of an excessively long string (approximately 7000 bytes).</li>
<li>Attacker pastes the malicious payload into the User domain field within the server's configuration settings.</li>
<li>The server attempts to process the oversized input without proper bounds checking.</li>
<li>A buffer overflow occurs, overwriting adjacent memory regions.</li>
<li>The application's execution is disrupted due to corrupted memory.</li>
<li>The Core FTP/SFTP server crashes, resulting in a denial-of-service condition.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2019-25654 results in a denial-of-service condition, rendering the Core FTP/SFTP Server 1.2 unavailable. This can disrupt file transfer operations, potentially impacting business processes that rely on the server. While the provided source does not detail specific victim counts or sectors targeted, the vulnerability could affect any organization utilizing the affected version of Core FTP/SFTP Server. The severity is considered high due to the ease of exploitation and the direct impact on service availability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade Core FTP/SFTP Server to a patched version that addresses CVE-2019-25654 to remediate the vulnerability.</li>
<li>Implement input validation on the User domain field within the server configuration to prevent excessively long strings from being processed. Enable process creation logging and deploy the provided Sigma rule to detect potential exploitation attempts targeting CVE-2019-25654.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>buffer overflow</category><category>denial of service</category><category>cve-2019-25654</category><category>core ftp</category><category>sftp</category><category>windows</category></item></channel></rss>