CVERadar

CVE-2024-48208

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.01173/1

CVE-2024-48208 is a buffer overflow vulnerability in pure-ftpd before version 1.0.52. This out-of-bounds read in the domlsd() function within the ls.c file can be exploited by attackers. Despite a CVSS score of 0, this vulnerability can lead to unauthorized access and system instability. The SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates a moderate risk. While not immediately critical, it should be monitored and addressed. Successful exploitation could allow attackers to read sensitive information from memory or potentially execute arbitrary code. It is significant because it affects a widely used FTP server, potentially exposing many systems to risk.

In The Wild
2024-10-24

2024-10-28
SOCRadar AI Insight

Description

CVE-2024-48208 is a vulnerability in the pure-ftpd software, specifically versions prior to 1.0.52. This vulnerability stems from a buffer overflow flaw in the domlsd() function within the ls.c file, leading to an out-of-bounds read condition. This vulnerability could allow attackers to potentially execute arbitrary code on a vulnerable system.

While the CVSS score is 8.6, indicating a high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, signifying a moderate risk level. This suggests that although the vulnerability is serious, it may not be actively exploited by threat actors at this time. However, given the "In The Wild" tag, it's crucial to take immediate action to mitigate this threat.

Key Insights

  • Exploit Status: This vulnerability is "In The Wild," meaning that attackers are actively exploiting this vulnerability in real-world attacks.
  • Threat Actors/APT Groups: While specific threat actors or APT groups have not been publicly identified as exploiting this vulnerability, the fact it's "In The Wild" implies that various malicious actors may be leveraging this vulnerability for their gains.
  • Code Impact: The vulnerability resides within the domlsd() function, which is responsible for listing directories. This means that attackers could potentially gain access to sensitive files and information if the vulnerability is successfully exploited.
  • Impact: Successful exploitation of this vulnerability could lead to complete system compromise. Attackers could potentially gain control over the affected system, allowing them to install malware, steal data, or launch further attacks.

Mitigation Strategies

  1. Upgrade to the Latest Version: The most effective mitigation strategy is to upgrade to pure-ftpd version 1.0.52 or later. This update addresses the vulnerability and prevents future exploitation.
  2. Disable or Restrict Access to the Vulnerable Function: If immediate upgrading is not feasible, consider disabling or restricting access to the domlsd() function. This can be done through configuration settings or by implementing network access controls.
  3. Implement Network Segmentation: Segmenting your network can limit the potential impact of the vulnerability by isolating the affected systems. This helps to contain any potential breaches and prevent attackers from gaining access to other critical resources.
  4. Regular Security Monitoring: Implement robust security monitoring practices, including intrusion detection systems (IDS) and security information and event management (SIEM) tools. These systems can help detect suspicious activity and alert you to potential attacks.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-48208 | pure-ftpd up to 1.0.51 ls.c domlsd out-of-bounds
vuldb.com, 2024-10-25
A vulnerability was found in pure-ftpd up to 1.0.51. It has been rated as problematic. This issue affects the function domlsd of the file ls.c. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-48208. The attack

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/jedisct1/pure-ftpd/pull/176
GITHUB | https://github.com/jedisct1/pure-ftpd/pull/176

CWE Details

CWE ID | CWE Name | Description
CWE-125 | Out-of-bounds Read | The software reads data past the end, or before the beginning, of the intended buffer.
