CVE-2020-6835

9.8 CRITICAL

📋 TL;DR

CVE-2020-6835 is a heap-based off-by-one buffer overflow in the Bftpd FTP server that occurs during error checking in file transfers. It allows remote attackers to crash the service or potentially execute arbitrary code. Any system running a vulnerable version of Bftpd with FTP services enabled is affected.

💻 Affected Systems

Products:
  • Bftpd FTP Server
Versions: All versions before 5.4
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any Bftpd installation with file transfer capabilities enabled is vulnerable. The vulnerability triggers during error checking in file transfers.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case: Service crash causing denial of service and potential information disclosure through memory leaks.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege are implemented, potentially just service disruption.

🌐 Internet-Facing: HIGH - FTP servers are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Still significant risk for internal FTP servers, but network segmentation can limit blast radius.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Heap-based exploitation requires specific conditions but public PoCs exist. Attackers can trigger the vulnerability by causing file transfer errors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.4 and later

Vendor Advisory: http://bftpd.sourceforge.net/news.html#302460

Restart Required: Yes

Instructions:

1. Download Bftpd 5.4 or later from the official source.
2. Stop the Bftpd service.
3. Install the new version using the distribution package manager or compile from source.
4. Restart the Bftpd service.

🔧 Temporary Workarounds

Disable Bftpd Service

Temporarily disable the Bftpd FTP server until patching can be completed:

sudo systemctl stop bftpd
sudo systemctl disable bftpd

Network Access Control

Restrict FTP access to trusted IP addresses only using firewall rules:

sudo iptables -A INPUT -p tcp --dport 21 -s TRUSTED_IP -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 21 -j DROP

Replace TRUSTED_IP with the address or CIDR range that should keep access. Because -A appends, an existing earlier rule that already accepts port 21 takes precedence, so review the INPUT chain first. These rules cover only the control connection on port 21; FTP data connections (active or passive) use other ports and need matching rules or connection tracking.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FTP servers from critical systems
  • Deploy intrusion prevention systems (IPS) with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Bftpd version with 'bftpd -v' or examine the installed package version. Versions below 5.4 are vulnerable.

Check Version:

bftpd -v

Verify Fix Applied:

Confirm the version is 5.4 or higher with 'bftpd -v' and test that file transfers complete without crashes.

📡 Detection & Monitoring

Log Indicators:

  • Multiple file transfer errors followed by service crashes
  • Abnormal memory usage patterns in Bftpd process

Network Indicators:

  • Multiple FTP connections causing transfer errors
  • Unusual FTP traffic patterns from untrusted sources

SIEM Query:

source="bftpd.log" AND ("segmentation fault" OR "heap corruption" OR "transfer error")
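Added example (not part of the original advisory) that turns the log indicators above into a script: it groups transfer errors per Bftpd session PID in a sliding time window and flags sessions whose error burst is followed by a crash line. The syslog-style layout, message wording, and the assumed year in the sample lines are constructed assumptions, not real bftpd log formats.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines for this example; the syslog-style layout and
# message wording are assumptions, not real bftpd output.
SAMPLE_LOG = """\
Jan 12 10:00:01 ftp1 bftpd[4021]: connection from 198.51.100.7
Jan 12 10:00:02 ftp1 bftpd[4021]: transfer error on RETR /pub/a.bin
Jan 12 10:00:03 ftp1 bftpd[4021]: transfer error on RETR /pub/b.bin
Jan 12 10:00:04 ftp1 bftpd[4021]: transfer error on RETR /pub/c.bin
Jan 12 10:00:05 ftp1 kernel: bftpd[4021]: segfault at 0 ip 00005555 sp 00007ffd error 4 in bftpd
Jan 12 10:05:00 ftp1 bftpd[4077]: connection from 192.0.2.10
Jan 12 10:05:01 ftp1 bftpd[4077]: transfer error on STOR /upload/x.bin
Jan 12 10:30:00 ftp1 bftpd[4077]: transfer complete STOR /upload/y.bin
"""

# syslog timestamp, host, program, message; the year is not in the line, so 2020 is assumed
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+: (?P<msg>.*)$")
PID_RE = re.compile(r"bftpd\[(?P<pid>\d+)\]")
ERROR_RE = re.compile(r"transfer error", re.I)
CRASH_RE = re.compile(r"segfault|segmentation fault|heap corruption", re.I)


def detect(log_text, threshold=3, window_seconds=60):
    """Flag bftpd sessions (by PID) that log at least `threshold` transfer
    errors within `window_seconds`, and mark whether a crash line for that
    PID followed. Returns a list of alert dicts in first-seen order."""
    recent = defaultdict(deque)  # pid -> timestamps of errors still in the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        pid_m = PID_RE.search(line)
        if not m or not pid_m:
            continue  # not a bftpd-related line
        pid = pid_m.group("pid")
        ts = datetime.strptime("2020 " + m.group("ts"), "%Y %b %d %H:%M:%S")
        msg = m.group("msg")
        if ERROR_RE.search(msg):
            window = recent[pid]
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()  # drop errors that fell out of the window
            if len(window) >= threshold:
                alert = alerts.setdefault(pid, {"pid": pid, "errors": 0, "crash": False})
                alert["errors"] = len(window)
        elif CRASH_RE.search(msg) and pid in alerts:
            alerts[pid]["crash"] = True  # error burst followed by a crash: strongest signal
    return list(alerts.values())
```

Feed it the server's actual log (for example `detect(open("/var/log/bftpd.log").read())`) after adjusting the regexes to the real line format.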
