CVE-2011-1575

EPSS 22.18%
Published 23.05.2011 22:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Pureftpd ≫ Pure-ftpd Version <= 1.0.29

Pureftpd ≫ Pure-ftpd Version0.90

Pureftpd ≫ Pure-ftpd Version0.91

Pureftpd ≫ Pure-ftpd Version0.92

Pureftpd ≫ Pure-ftpd Version0.93

Pureftpd ≫ Pure-ftpd Version0.94

Pureftpd ≫ Pure-ftpd Version0.95

Pureftpd ≫ Pure-ftpd Version0.95-pre1

Pureftpd ≫ Pure-ftpd Version0.95-pre2

Pureftpd ≫ Pure-ftpd Version0.95-pre3

Pureftpd ≫ Pure-ftpd Version0.95-pre4

Pureftpd ≫ Pure-ftpd Version0.95.1

Pureftpd ≫ Pure-ftpd Version0.95.2

Pureftpd ≫ Pure-ftpd Version0.96

Pureftpd ≫ Pure-ftpd Version0.96.1

Pureftpd ≫ Pure-ftpd Version0.96pre1

Pureftpd ≫ Pure-ftpd Version0.97-final

Pureftpd ≫ Pure-ftpd Version0.97.1

Pureftpd ≫ Pure-ftpd Version0.97.2

Pureftpd ≫ Pure-ftpd Version0.97.3

Pureftpd ≫ Pure-ftpd Version0.97.4

Pureftpd ≫ Pure-ftpd Version0.97.5

Pureftpd ≫ Pure-ftpd Version0.97.6

Pureftpd ≫ Pure-ftpd Version0.97.7

Pureftpd ≫ Pure-ftpd Version0.97.7pre1

Pureftpd ≫ Pure-ftpd Version0.97.7pre2

Pureftpd ≫ Pure-ftpd Version0.97.7pre3

Pureftpd ≫ Pure-ftpd Version0.97pre1

Pureftpd ≫ Pure-ftpd Version0.97pre2

Pureftpd ≫ Pure-ftpd Version0.97pre3

Pureftpd ≫ Pure-ftpd Version0.97pre4

Pureftpd ≫ Pure-ftpd Version0.97pre5

Pureftpd ≫ Pure-ftpd Version0.98-final

Pureftpd ≫ Pure-ftpd Version0.98.1

Pureftpd ≫ Pure-ftpd Version0.98.2

Pureftpd ≫ Pure-ftpd Version0.98.2a

Pureftpd ≫ Pure-ftpd Version0.98.3

Pureftpd ≫ Pure-ftpd Version0.98.4

Pureftpd ≫ Pure-ftpd Version0.98.5

Pureftpd ≫ Pure-ftpd Version0.98.6

Pureftpd ≫ Pure-ftpd Version0.98.7

Pureftpd ≫ Pure-ftpd Version0.98pre1

Pureftpd ≫ Pure-ftpd Version0.98pre2

Pureftpd ≫ Pure-ftpd Version0.99

Pureftpd ≫ Pure-ftpd Version0.99.1

Pureftpd ≫ Pure-ftpd Version0.99.1a

Pureftpd ≫ Pure-ftpd Version0.99.1b

Pureftpd ≫ Pure-ftpd Version0.99.2

Pureftpd ≫ Pure-ftpd Version0.99.2a

Pureftpd ≫ Pure-ftpd Version0.99.3

Pureftpd ≫ Pure-ftpd Version0.99.4

Pureftpd ≫ Pure-ftpd Version0.99.9

Pureftpd ≫ Pure-ftpd Version0.99a

Pureftpd ≫ Pure-ftpd Version0.99b

Pureftpd ≫ Pure-ftpd Version0.99pre1

Pureftpd ≫ Pure-ftpd Version0.99pre2

Pureftpd ≫ Pure-ftpd Version1.0.0

Pureftpd ≫ Pure-ftpd Version1.0.1

Pureftpd ≫ Pure-ftpd Version1.0.2

Pureftpd ≫ Pure-ftpd Version1.0.3

Pureftpd ≫ Pure-ftpd Version1.0.4

Pureftpd ≫ Pure-ftpd Version1.0.5

Pureftpd ≫ Pure-ftpd Version1.0.6

Pureftpd ≫ Pure-ftpd Version1.0.7

Pureftpd ≫ Pure-ftpd Version1.0.8

Pureftpd ≫ Pure-ftpd Version1.0.9

Pureftpd ≫ Pure-ftpd Version1.0.10

Pureftpd ≫ Pure-ftpd Version1.0.11

Pureftpd ≫ Pure-ftpd Version1.0.12

Pureftpd ≫ Pure-ftpd Version1.0.13a

Pureftpd ≫ Pure-ftpd Version1.0.14

Pureftpd ≫ Pure-ftpd Version1.0.15

Pureftpd ≫ Pure-ftpd Version1.0.16a

Pureftpd ≫ Pure-ftpd Version1.0.16b

Pureftpd ≫ Pure-ftpd Version1.0.16c

Pureftpd ≫ Pure-ftpd Version1.0.17

Pureftpd ≫ Pure-ftpd Version1.0.17a

Pureftpd ≫ Pure-ftpd Version1.0.18

Pureftpd ≫ Pure-ftpd Version1.0.19

Pureftpd ≫ Pure-ftpd Version1.0.20

Pureftpd ≫ Pure-ftpd Version1.0.21

Pureftpd ≫ Pure-ftpd Version1.0.22

Pureftpd ≫ Pure-ftpd Version1.0.24

Pureftpd ≫ Pure-ftpd Version1.0.25

Pureftpd ≫ Pure-ftpd Version1.0.26

Pureftpd ≫ Pure-ftpd Version1.0.27

Pureftpd ≫ Pure-ftpd Version1.0.28

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	22.18%	0.953

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd

http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd

Patch

http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html

http://openwall.com/lists/oss-security/2011/04/11/14

http://openwall.com/lists/oss-security/2011/04/11/3

http://openwall.com/lists/oss-security/2011/04/11/7

http://openwall.com/lists/oss-security/2011/04/11/8

http://secunia.com/advisories/43988

Vendor Advisory

http://secunia.com/advisories/44548

http://www.pureftpd.org/project/pure-ftpd/news

https://bugzilla.novell.com/show_bug.cgi?id=686590

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=683221

https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-1575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1575

EUVD