CVE-2021-31645

7.5 HIGH

📋 TL;DR

This vulnerability in glFTPd 2.11a allows remote attackers to cause a denial of service by exceeding the connection limit, crashing the FTP server. It affects all systems running the vulnerable version of glFTPd. Attackers can exploit this without authentication to disrupt FTP services.

💻 Affected Systems

Products:
  • glFTPd
Versions: 2.11a
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of glFTPd 2.11a are vulnerable. The vulnerability exists in the connection handling code.

📦 What is this software?

glFTPd is an FTP server daemon for Linux and Unix-like systems; the affected release is 2.11a.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete FTP service disruption making files inaccessible, potentially affecting dependent services or workflows.

🟠 Likely Case: Temporary FTP service outage requiring manual restart of the glFTPd service.

🟢 If Mitigated: Minimal impact with proper connection rate limiting and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute. Attackers can trigger the DoS with simple connection flooding.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://glftpd.io/

Restart Required: No

Instructions:

No official patch exists. Consider upgrading to a different FTP server or implementing workarounds.

🔧 Temporary Workarounds

Implement connection rate limiting (Linux)

Use iptables or similar firewall rules to limit the rate of new connections to the FTP port; the rules below drop a source's tenth new connection within 60 seconds:

iptables -A INPUT -p tcp --dport 21 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Use a reverse proxy with rate limiting (Linux)

Place glFTPd behind a reverse proxy like nginx with per-client connection limiting. For a plain TCP proxy these directives belong in nginx's stream context, and FTP passive-mode data connections use separate ports that the proxy must also handle:

limit_conn_zone $binary_remote_addr zone=ftp:10m;
limit_conn ftp 10;

🧯 If You Can't Patch

  • Implement network-level connection rate limiting using firewalls
  • Monitor glFTPd process health and implement automatic restart scripts

🔍 How to Verify

Check if Vulnerable:

Check the glFTPd version with glftpd --version or by examining the installation files; 2.11a is the affected release.

Check Version:

glftpd --version 2>&1 | head -1

Verify Fix Applied:

Test connection flooding to verify rate limiting is working

📡 Detection & Monitoring

Log Indicators:

  • Multiple rapid connection attempts from single IP
  • glFTPd process crashes or restarts
  • Connection limit warnings in logs

Network Indicators:

  • High volume of TCP SYN packets to port 21
  • Multiple incomplete FTP handshakes from same source

SIEM Query:

source="glftpd.log" AND ("connection limit" OR "too many connections" OR "crash")
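Added example, not part of this advisory or the glFTPd project: the log indicators above turned into a small detector run over constructed sample lines. The syslog-like line format and the glftpd[pid] prefix are assumptions (adjust LINE_RE to your real glftpd.log), the 10-connections-per-60-seconds threshold mirrors the iptables workaround above, and the keywords are those of the SIEM query.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout: "<ISO timestamp> glftpd[<pid>]: <message>". Real glFTPd
# logs differ; only the regexes need to change for another format.
LINE_RE = re.compile(r"^(?P<ts>\S+) glftpd\[\d+\]: (?P<msg>.*)$")
CONN_RE = re.compile(r"connection from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
# Keywords taken from the SIEM query in the advisory.
WARN_KEYWORDS = ("connection limit", "too many connections", "crash")


def detect(log_text, window=timedelta(seconds=60), threshold=10):
    """Return (flooders, warnings): source IPs that opened `threshold` or more
    connections inside any sliding `window`, and lines carrying the
    server-side limit/crash keywords."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent connections
    flooders, warnings = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        msg = m["msg"]
        if any(k in msg.lower() for k in WARN_KEYWORDS):
            warnings.append(line)
        c = CONN_RE.search(msg)
        if not c:
            continue
        q = recent[c["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:  # drop connections older than the window
            q.popleft()
        if len(q) >= threshold:
            flooders.add(c["ip"])
    return sorted(flooders), warnings


def sample_log():
    """Constructed sample (RFC 5737 addresses): one benign client, one source
    opening 12 connections in under 30 seconds, then a limit warning."""
    lines = ["2024-05-01T10:00:00Z glftpd[2101]: connection from 198.51.100.7"]
    for i in range(12):
        lines.append(f"2024-05-01T10:00:{i * 2 + 1:02d}Z glftpd[{2102 + i}]: "
                     "connection from 203.0.113.9")
    lines.append("2024-05-01T10:00:30Z glftpd[2114]: too many connections, refusing 203.0.113.9")
    return "\n".join(lines)


if __name__ == "__main__":
    print(detect(sample_log()))
```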
