📄 Description (English)
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.
🤖 AI Executive Summary
Core FTP 2.0 build 653 contains a critical denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the FTP server by sending malformed commands with oversized buffers. This vulnerability poses significant risk to organizations using legacy FTP infrastructure for file transfers, particularly in Saudi government and financial sectors. With no patch available and exploit code publicly available, immediate mitigation through network controls is essential.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 01:19
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations relying on Core FTP for legacy file transfer operations, particularly in: (1) Government agencies and NCA-regulated entities using FTP for secure document exchange; (2) Banking sector (SAMA-regulated) for inter-bank file transfers and settlement processes; (3) Energy sector (ARAMCO and subsidiaries) for operational data exchange; (4) Telecom providers (STC, Mobily) for network management and billing systems. The DoS nature allows attackers to disrupt critical file transfer operations, potentially affecting business continuity and regulatory compliance reporting.
🏢 Affected Saudi Sectors
Government and Public Administration
Banking and Financial Services
Energy and Utilities
Telecommunications
Healthcare
Defense and Security
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Core FTP 2.0 build 653 in your environment using network scanning and asset inventory tools
2. Implement network-level access controls restricting FTP access to trusted IP ranges only
3. Disable FTP service if not actively required; migrate to SFTP or FTPS alternatives
4. Monitor FTP logs for PBSZ commands with payloads exceeding 211 bytes
COMPENSATING CONTROLS:
1. Deploy WAF/IPS rules to block malformed PBSZ commands with oversized buffers
2. Implement rate limiting on FTP connections to reduce DoS impact
3. Use firewall rules to restrict FTP port (21) access to authorized internal networks only
4. Enable FTP connection logging and alerting for anomalous command patterns
PATCHING GUIDANCE:
1. Upgrade to Core FTP 2.1 or later (verify patch availability with vendor)
2. If upgrade unavailable, consider alternative FTP servers (ProFTPD, vsftpd) with security patches
3. Implement SFTP as primary file transfer protocol
DETECTION RULES:
1. Alert on FTP PBSZ commands with argument length > 211 bytes
2. Monitor for repeated FTP connection attempts followed by service crashes
3. Track FTP process crashes correlated with PBSZ command logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ Core FTP 2.0 الإصدار 653 في بيئتك باستخدام أدوات المسح والمخزون
2. تطبيق عناصر التحكم في الوصول على مستوى الشبكة لتقييد وصول FTP إلى نطاقات IP الموثوقة فقط
3. تعطيل خدمة FTP إذا لم تكن مطلوبة بنشاط؛ الهجرة إلى بدائل SFTP أو FTPS
4. مراقبة سجلات FTP للأوامر PBSZ ذات الحمولات التي تتجاوز 211 بايت
عناصر التحكم التعويضية:
1. نشر قواعد WAF/IPS لحجب أوامر PBSZ المشوهة ببفرات كبيرة الحجم
2. تطبيق تحديد معدل الاتصالات على FTP لتقليل تأثير DoS
3. استخدام قواعد جدار الحماية لتقييد وصول منفذ FTP (21) إلى الشبكات الداخلية المصرح بها فقط
4. تفعيل تسجيل التنبيهات لاتصالات FTP للأنماط غير الطبيعية
إرشادات التصحيح:
1. الترقية إلى Core FTP 2.1 أو إصدار أحدث (تحقق من توفر التصحيح مع البائع)
2. إذا كان الترقية غير متاحة، فكر في خوادم FTP بديلة (ProFTPD، vsftpd) مع تصحيحات أمان
3. تطبيق SFTP كبروتوكول نقل ملفات أساسي
قواعد الكشف:
1. تنبيه على أوامر PBSZ في FTP بطول حجة > 211 بايت
2. مراقبة محاولات الاتصال المتكررة بـ FTP متبوعة بأعطال الخدمة
3. تتبع أعطال عملية FTP المرتبطة بسجلات أوامر PBSZ
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.2.1 - Change management procedures
ECC 2024 A.13.1.3 - Segregation of networks
🔵 SAMA CSF
SAMA CSF ID.BE-5 - Organizational resilience
SAMA CSF PR.DS-6 - Data security and integrity
SAMA CSF DE.CM-1 - Detection and analysis
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Change management
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.13.1.3 - Segregation of networks
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.2 - Vulnerability scanning
🔗 References & Sources 4
🔗
http://coreftp.com/server/download/archive/CoreFTPServer653.exe
disclosure@vulncheck.com
Product
🔗
http://www.coreftp.com/
disclosure@vulncheck.com
Product
🔗
https://www.exploit-db.com/exploits/46532
disclosure@vulncheck.com
Exploit
VDB Entry
🔗
https://www.vulncheck.com/advisories/core-ftp-build-653-pbsz-unauthenticated-denial-of-...
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
coreftp:core_ftp:2.0