Vulnerabilites related to pureftpd - pure-ftpd
CVE-2019-20176 (GCVE-0-2019-20176)
Vulnerability from cvelistv5
Published
2019-12-31 14:04
Modified
2024-08-05 02:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"
},
{
"name": "FEDORA-2020-74b71e5873",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"
},
{
"name": "FEDORA-2020-85fa9f07f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T03:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"
},
{
"name": "FEDORA-2020-74b71e5873",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"
},
{
"name": "FEDORA-2020-85fa9f07f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706",
"refsource": "MISC",
"url": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"
},
{
"name": "FEDORA-2020-74b71e5873",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"
},
{
"name": "FEDORA-2020-85fa9f07f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20176",
"datePublished": "2019-12-31T14:04:06",
"dateReserved": "2019-12-31T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1575 (GCVE-0-2011-1575)
Vulnerability from cvelistv5
Published
2011-05-23 22:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/14"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"
},
{
"name": "[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"
},
{
"name": "[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
},
{
"name": "43988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43988"
},
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/7"
},
{
"name": "44548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44548"
},
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/8"
},
{
"name": "[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"
},
{
"name": "[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/14"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"
},
{
"name": "[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"
},
{
"name": "[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
},
{
"name": "43988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43988"
},
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/7"
},
{
"name": "44548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44548"
},
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/8"
},
{
"name": "[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"
},
{
"name": "[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/14"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=683221",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"
},
{
"name": "[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released",
"refsource": "MLIST",
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"
},
{
"name": "[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
},
{
"name": "43988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43988"
},
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/7"
},
{
"name": "44548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44548"
},
{
"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/8"
},
{
"name": "[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/3"
},
{
"name": "http://www.pureftpd.org/project/pure-ftpd/news",
"refsource": "CONFIRM",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=686590",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"
},
{
"name": "[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released",
"refsource": "MLIST",
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"
},
{
"name": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4",
"refsource": "CONFIRM",
"url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1575",
"datePublished": "2011-05-23T22:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9274 (GCVE-0-2020-9274)
Vulnerability from cvelistv5
Published
2020-02-26 15:29
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pureftpd.org/project/pure-ftpd/news/"
},
{
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2123-1] pure-ftpd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html"
},
{
"name": "GLSA-202003-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"name": "FEDORA-2020-5ac8d4c11a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"name": "FEDORA-2020-84fb0920fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"name": "FEDORA-2020-fa83ea0492",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"name": "USN-4515-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4515-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-22T05:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pureftpd.org/project/pure-ftpd/news/"
},
{
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2123-1] pure-ftpd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html"
},
{
"name": "GLSA-202003-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"name": "FEDORA-2020-5ac8d4c11a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"name": "FEDORA-2020-84fb0920fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"name": "FEDORA-2020-fa83ea0492",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"name": "USN-4515-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4515-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa",
"refsource": "MISC",
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"name": "https://www.pureftpd.org/project/pure-ftpd/news/",
"refsource": "MISC",
"url": "https://www.pureftpd.org/project/pure-ftpd/news/"
},
{
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2123-1] pure-ftpd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html"
},
{
"name": "GLSA-202003-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"name": "FEDORA-2020-5ac8d4c11a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"name": "FEDORA-2020-84fb0920fd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"name": "FEDORA-2020-fa83ea0492",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"name": "USN-4515-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4515-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9274",
"datePublished": "2020-02-26T15:29:32",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3171 (GCVE-0-2011-3171)
Vulnerability from cvelistv5
Published
2011-11-04 21:00
Modified
2024-08-06 23:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49541"
},
{
"name": "SUSE-SU-2011:1028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"name": "pureftpd-oes-directory-traversal(69686)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
},
{
"name": "SUSE-SU-2011:1029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "49541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49541"
},
{
"name": "SUSE-SU-2011:1028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"name": "pureftpd-oes-directory-traversal(69686)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
},
{
"name": "SUSE-SU-2011:1029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49541"
},
{
"name": "SUSE-SU-2011:1028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"name": "pureftpd-oes-directory-traversal(69686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
},
{
"name": "SUSE-SU-2011:1029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3171",
"datePublished": "2011-11-04T21:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9365 (GCVE-0-2020-9365)
Vulnerability from cvelistv5
Published
2020-02-24 15:58
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e"
},
{
"name": "GLSA-202003-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"name": "FEDORA-2020-5ac8d4c11a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"name": "FEDORA-2020-84fb0920fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"name": "FEDORA-2020-fa83ea0492",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T19:07:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e"
},
{
"name": "GLSA-202003-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"name": "FEDORA-2020-5ac8d4c11a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"name": "FEDORA-2020-84fb0920fd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"name": "FEDORA-2020-fa83ea0492",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e",
"refsource": "MISC",
"url": "https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e"
},
{
"name": "GLSA-202003-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"name": "FEDORA-2020-5ac8d4c11a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"name": "FEDORA-2020-84fb0920fd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"name": "FEDORA-2020-fa83ea0492",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"name": "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da",
"refsource": "MISC",
"url": "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9365",
"datePublished": "2020-02-24T15:58:51",
"dateReserved": "2020-02-24T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35359 (GCVE-0-2020-35359)
Vulnerability from cvelistv5
Published
2020-12-26 04:30
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/49105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-26T04:30:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/49105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/49105",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/49105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35359",
"datePublished": "2020-12-26T04:30:32",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:07.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0418 (GCVE-0-2011-0418)
Vulnerability from cvelistv5
Published
2011-05-24 23:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"
},
{
"name": "ADV-2011-1273",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1273"
},
{
"name": "MDVSA-2011:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27\u0026r2=1.28\u0026f=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"
},
{
"name": "47671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47671"
},
{
"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/97"
},
{
"name": "8228",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8228"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"
},
{
"name": "ADV-2011-1273",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1273"
},
{
"name": "MDVSA-2011:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27\u0026r2=1.28\u0026f=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"
},
{
"name": "47671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47671"
},
{
"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/97"
},
{
"name": "8228",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8228"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"
},
{
"name": "ADV-2011-1273",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1273"
},
{
"name": "MDVSA-2011:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27\u0026r2=1.28\u0026f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27\u0026r2=1.28\u0026f=h"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=704283",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"
},
{
"name": "47671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47671"
},
{
"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/97"
},
{
"name": "8228",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8228"
},
{
"name": "http://www.pureftpd.org/project/pure-ftpd/news",
"refsource": "CONFIRM",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0418",
"datePublished": "2011-05-24T23:00:00",
"dateReserved": "2011-01-11T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40524 (GCVE-0-2021-40524)
Vulnerability from cvelistv5
Published
2021-09-05 18:26
Modified
2024-08-04 02:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/pull/158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T08:14:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jedisct1/pure-ftpd/pull/158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jedisct1/pure-ftpd/pull/158",
"refsource": "MISC",
"url": "https://github.com/jedisct1/pure-ftpd/pull/158"
},
{
"name": "https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50",
"refsource": "CONFIRM",
"url": "https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50"
},
{
"name": "https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4",
"refsource": "CONFIRM",
"url": "https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40524",
"datePublished": "2021-09-05T18:26:26",
"dateReserved": "2021-09-05T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0988 (GCVE-0-2011-0988)
Vulnerability from cvelistv5
Published
2011-04-18 17:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44039"
},
{
"name": "SUSE-SU-2011:0306",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"name": "sles-pureftpd-privilege-escalation(66618)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44039"
},
{
"name": "SUSE-SU-2011:0306",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"name": "sles-pureftpd-privilege-escalation(66618)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44039"
},
{
"name": "SUSE-SU-2011:0306",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"name": "sles-pureftpd-privilege-escalation(66618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0988",
"datePublished": "2011-04-18T17:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12170 (GCVE-0-2017-12170)
Vulnerability from cvelistv5
Published
2017-09-21 20:00
Modified
2024-08-05 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unsafe configuration
Summary
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | pure-ftpd |
Version: Fedora downstream version pure-ftpd-1.0.46-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pure-ftpd",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "Fedora downstream version pure-ftpd-1.0.46-1"
}
]
}
],
"datePublic": "2017-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn\u0027t affect upstream version of pure-ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unsafe configuration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12170",
"datePublished": "2017-09-21T20:00:00Z",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-08-05T18:28:16.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-12-26 05:15
Modified
2024-11-21 05:27
Severity ?
Summary
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.exploit-db.com/exploits/49105 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/49105 | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8A6EAE-8B45-4D7D-A9B9-7963718B8BDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit."
},
{
"lang": "es",
"value": "Pure-FTPd versi\u00f3n 1.0.48, permite a atacantes remotos impedir el uso leg\u00edtimo del servidor haciendo suficientes conexiones para exceder el l\u00edmite de conexiones"
}
],
"id": "CVE-2020-35359",
"lastModified": "2024-11-21T05:27:13.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-26T05:15:11.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/49105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/49105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-31 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | 1.0.49 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D4D55C-F61A-4B98-BB70-D459F7195CD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c."
},
{
"lang": "es",
"value": "En Pure-FTPd versi\u00f3n 1.0.49, Se descubri\u00f3 un problema de agotamiento de la pila en la funci\u00f3n listdir en el archivo ls.c."
}
],
"id": "CVE-2019-20176",
"lastModified": "2024-11-21T04:38:09.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-31T15:15:11.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-26 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202003-54 | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4515-1/ | Third Party Advisory | |
| cve@mitre.org | https://www.pureftpd.org/project/pure-ftpd/news/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-54 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4515-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pureftpd.org/project/pure-ftpd/news/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | * | |
| debian | debian_linux | 8.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75A7494B-4517-44A4-9AAD-2D7D2BA66776",
"versionEndExcluding": "1.0.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Pure-FTPd versi\u00f3n 1.0.49. Se ha detectado una vulnerabilidad de puntero no inicializado en la lista vinculada diraliases. Cuando es llamada la funci\u00f3n *lookup_alias(const char alias) o print_aliases(void), no pueden detectar correctamente el final de la lista vinculada e intentan acceder a un miembro de la lista no existente. Esto est\u00e1 relacionado con la funci\u00f3n init_aliases en el archivo diraliases.c."
}
],
"id": "CVE-2020-9274",
"lastModified": "2024-11-21T05:40:19.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-26T16:15:19.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4515-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.pureftpd.org/project/pure-ftpd/news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4515-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.pureftpd.org/project/pure-ftpd/news/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-05 19:15
Modified
2024-11-21 06:24
Severity ?
Summary
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/pull/158 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/pull/158 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB7E569-40DC-47B8-AD6A-4F3EF8C0D092",
"versionEndExcluding": "1.0.50",
"versionStartIncluding": "1.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)"
},
{
"lang": "es",
"value": "En Pure-FTPd antes de la versi\u00f3n 1.0.50, un mecanismo incorrecto de cuota max_filesize en el servidor permite a los atacantes subir archivos de tama\u00f1o no limitado, lo que puede llevar a la denegaci\u00f3n de servicio o a la ca\u00edda del servidor. Esto ocurre porque una determinada prueba mayor que cero no anticipa un valor inicial de -1. (Est\u00e1n afectadas las versiones 1.0.23 a 1.0.49)"
}
],
"id": "CVE-2021-40524",
"lastModified": "2024-11-21T06:24:19.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-05T19:15:15.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/pull/158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/compare/1.0.49...1.0.50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/pull/158"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-21 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1493114 | Issue Tracking, Tool Signature, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1493114 | Issue Tracking, Tool Signature, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | 1.0.46-1 | |
| fedoraproject | fedora | 26 | |
| fedoraproject | fedora | 27 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.46-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE04278C-F528-438A-A89A-BDC89E53269C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEACBFF-6D05-4B69-BF7A-F7E539D9BF6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn\u0027t affect upstream version of pure-ftpd."
},
{
"lang": "es",
"value": "La versi\u00f3n downstream 1.0.46-1 de pure-ftpd, tal y como viene distribuido en Fedora, es vulnerable a los errores de empaquetado ya que se ignora la configuraci\u00f3n original despu\u00e9s de que se actualice y que el servicio empiece a ejecutarse con la configuraci\u00f3n por defecto. Esto provoca un impacto en la seguridad por omitir configuraciones de seguridad. Este problema no aplica a la versi\u00f3n upstream de pure-ftpd."
}
],
"id": "CVE-2017-12170",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-21T21:29:00.213",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Tool Signature",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Tool Signature",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-24 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202003-54 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-54 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | 1.0.49 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D4D55C-F61A-4B98-BB70-D459F7195CD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Pure-FTPd versi\u00f3n 1.0.49. Ha sido detectado una lectura fuera de l\u00edmites (OOB) en la funci\u00f3n pure_strcmp en el archivo utils.c."
}
],
"id": "CVE-2020-9365",
"lastModified": "2024-11-21T05:40:29.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-24T16:15:13.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-54"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-18 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/44039 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/66618 | ||
| cve@mitre.org | https://hermes.opensuse.org/messages/7849430 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44039 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66618 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://hermes.opensuse.org/messages/7849430 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | 1.0.22 | |
| novell | suse_linux | 10 | |
| novell | suse_linux | 10 | |
| novell | suse_linux | 11 | |
| novell | suse_linux | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "7BCA5CC9-72F0-46ED-A0DF-611377E2D3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:10:sp4:*:*:*:*:*:*",
"matchCriteriaId": "3D9148F6-3E3A-42D0-B398-B069A683A6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp3:desktop:*:*:*:*:*",
"matchCriteriaId": "7C041069-C3AF-468E-9E20-55974B4B9C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux:11:sp4:desktop:*:*:*:*:*",
"matchCriteriaId": "0D038A9C-3B15-4E33-BD76-500927801064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "pure-ftpd 1.0.22, tal como se utiliza en SUSE Linux Enterprise Server 10 Service Pack 3 y Service Pack 4, y Enterprise Desktop 10 Service Pack 3 y Service Pack 4, cuando se ejecutan las extensiones OES Netware, crea un directorio en el que todo el mundo puede escribir, lo cual permite a usuarios locales sobrescribir archivos de forma arbitraria y ganar privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-0988",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-18T17:55:01.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44039"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
},
{
"source": "cve@mitre.org",
"url": "https://hermes.opensuse.org/messages/7849430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/7849430"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-24 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28 | Patch | |
| cret@cert.org | http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h | Patch | |
| cret@cert.org | http://securityreason.com/achievement_securityalert/97 | Exploit | |
| cret@cert.org | http://securityreason.com/securityalert/8228 | ||
| cret@cert.org | http://www.mandriva.com/security/advisories?name=MDVSA-2011:094 | ||
| cret@cert.org | http://www.pureftpd.org/project/pure-ftpd/news | ||
| cret@cert.org | http://www.securityfocus.com/bid/47671 | Exploit | |
| cret@cert.org | http://www.vupen.com/english/advisories/2011/1273 | Vendor Advisory | |
| cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=704283 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/achievement_securityalert/97 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8228 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:094 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pureftpd.org/project/pure-ftpd/news | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47671 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2011/1273 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=704283 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | * | |
| pureftpd | pure-ftpd | 0.90 | |
| pureftpd | pure-ftpd | 0.91 | |
| pureftpd | pure-ftpd | 0.92 | |
| pureftpd | pure-ftpd | 0.93 | |
| pureftpd | pure-ftpd | 0.94 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95-pre1 | |
| pureftpd | pure-ftpd | 0.95-pre2 | |
| pureftpd | pure-ftpd | 0.95-pre3 | |
| pureftpd | pure-ftpd | 0.95-pre4 | |
| pureftpd | pure-ftpd | 0.95.1 | |
| pureftpd | pure-ftpd | 0.95.2 | |
| pureftpd | pure-ftpd | 0.96 | |
| pureftpd | pure-ftpd | 0.96.1 | |
| pureftpd | pure-ftpd | 0.96pre1 | |
| pureftpd | pure-ftpd | 0.97-final | |
| pureftpd | pure-ftpd | 0.97.1 | |
| pureftpd | pure-ftpd | 0.97.2 | |
| pureftpd | pure-ftpd | 0.97.3 | |
| pureftpd | pure-ftpd | 0.97.4 | |
| pureftpd | pure-ftpd | 0.97.5 | |
| pureftpd | pure-ftpd | 0.97.6 | |
| pureftpd | pure-ftpd | 0.97.7 | |
| pureftpd | pure-ftpd | 0.97.7pre1 | |
| pureftpd | pure-ftpd | 0.97.7pre2 | |
| pureftpd | pure-ftpd | 0.97.7pre3 | |
| pureftpd | pure-ftpd | 0.97pre1 | |
| pureftpd | pure-ftpd | 0.97pre2 | |
| pureftpd | pure-ftpd | 0.97pre3 | |
| pureftpd | pure-ftpd | 0.97pre4 | |
| pureftpd | pure-ftpd | 0.97pre5 | |
| pureftpd | pure-ftpd | 0.98-final | |
| pureftpd | pure-ftpd | 0.98.1 | |
| pureftpd | pure-ftpd | 0.98.2 | |
| pureftpd | pure-ftpd | 0.98.2a | |
| pureftpd | pure-ftpd | 0.98.3 | |
| pureftpd | pure-ftpd | 0.98.4 | |
| pureftpd | pure-ftpd | 0.98.5 | |
| pureftpd | pure-ftpd | 0.98.6 | |
| pureftpd | pure-ftpd | 0.98.7 | |
| pureftpd | pure-ftpd | 0.98pre1 | |
| pureftpd | pure-ftpd | 0.98pre2 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99.1 | |
| pureftpd | pure-ftpd | 0.99.1a | |
| pureftpd | pure-ftpd | 0.99.1b | |
| pureftpd | pure-ftpd | 0.99.2 | |
| pureftpd | pure-ftpd | 0.99.2a | |
| pureftpd | pure-ftpd | 0.99.3 | |
| pureftpd | pure-ftpd | 0.99.4 | |
| pureftpd | pure-ftpd | 0.99.9 | |
| pureftpd | pure-ftpd | 0.99a | |
| pureftpd | pure-ftpd | 0.99b | |
| pureftpd | pure-ftpd | 0.99pre1 | |
| pureftpd | pure-ftpd | 0.99pre2 | |
| pureftpd | pure-ftpd | 1.0.0 | |
| pureftpd | pure-ftpd | 1.0.1 | |
| pureftpd | pure-ftpd | 1.0.2 | |
| pureftpd | pure-ftpd | 1.0.3 | |
| pureftpd | pure-ftpd | 1.0.4 | |
| pureftpd | pure-ftpd | 1.0.5 | |
| pureftpd | pure-ftpd | 1.0.6 | |
| pureftpd | pure-ftpd | 1.0.7 | |
| pureftpd | pure-ftpd | 1.0.8 | |
| pureftpd | pure-ftpd | 1.0.9 | |
| pureftpd | pure-ftpd | 1.0.10 | |
| pureftpd | pure-ftpd | 1.0.11 | |
| pureftpd | pure-ftpd | 1.0.12 | |
| pureftpd | pure-ftpd | 1.0.13a | |
| pureftpd | pure-ftpd | 1.0.14 | |
| pureftpd | pure-ftpd | 1.0.15 | |
| pureftpd | pure-ftpd | 1.0.16a | |
| pureftpd | pure-ftpd | 1.0.16b | |
| pureftpd | pure-ftpd | 1.0.16c | |
| pureftpd | pure-ftpd | 1.0.17 | |
| pureftpd | pure-ftpd | 1.0.17a | |
| pureftpd | pure-ftpd | 1.0.18 | |
| pureftpd | pure-ftpd | 1.0.19 | |
| pureftpd | pure-ftpd | 1.0.20 | |
| pureftpd | pure-ftpd | 1.0.21 | |
| pureftpd | pure-ftpd | 1.0.22 | |
| pureftpd | pure-ftpd | 1.0.24 | |
| pureftpd | pure-ftpd | 1.0.25 | |
| pureftpd | pure-ftpd | 1.0.26 | |
| pureftpd | pure-ftpd | 1.0.27 | |
| pureftpd | pure-ftpd | 1.0.28 | |
| pureftpd | pure-ftpd | 1.0.29 | |
| pureftpd | pure-ftpd | 1.0.30 | |
| netbsd | netbsd | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24538806-F3EF-4736-A5BB-828A9A176FB7",
"versionEndIncluding": "1.0.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF345E7-32E3-4AC2-AF59-2909BCD0F0E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8E9891-37F0-4A89-8313-3DF7B30D20C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "3503BC8E-04EB-4B8B-BCC5-257FBE275435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "64733EB4-34AE-4BF6-BC42-5BEB171D02F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "6341410D-6327-40CB-8E77-03715170957A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*",
"matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*",
"matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "82F13F0C-B2B7-4DBA-BEB0-4599CE2EE422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "11938621-40EA-4B68-B802-B793F3AAD990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DAAE0EB-626A-42BD-A522-CAA026AF5BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2139A56-05FC-468A-8BA4-D319FD878976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCE9F15-F266-4194-A328-BE7EB2D4CA6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3055A8-D3BB-4A42-8A5A-848502C08CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "535B52FC-4573-42C7-A0F4-29B8B7BEFD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "0772C8AB-3290-4A18-8417-4EB248398478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:*:*:*:*:*:*:*",
"matchCriteriaId": "BC466025-06CF-48F9-B57A-02FD4D62B472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADCEF99-E5A8-4890-B75D-5055F09EDA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*",
"matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*",
"matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*",
"matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF09FF7-82C8-4C1F-A9CB-245A7D11D2D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B687A9-8B0B-4059-B6F6-29D76440F054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1A7388-0878-492C-B89A-C732CCE3E6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1025C8-B056-4AA7-9976-5FD6AC51A012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "70D16075-5855-4448-B79D-8B7385EE0E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*",
"matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*",
"matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99a:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED3D13F-D769-4668-AD31-9E9C6B4F1738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99b:*:*:*:*:*:*:*",
"matchCriteriaId": "7B02414C-C7CF-4719-ABCC-FB019C205163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0518387-8900-43BF-B592-EB9F725E9FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2044321-568E-4381-83EC-EBF9F0D46CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "8622805C-1E49-45F5-8CB0-2C0ECD9E5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3C26B-945B-4C81-BF15-4E767B544A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AD4259-CA7D-45D1-8459-F8D44165AC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:*:*:*:*:*:*:*",
"matchCriteriaId": "866DF3B5-A364-4563-A883-D052DCD86C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "59FBF7FD-A6C9-46F0-8C9E-CF2098DCB8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F753B7E9-BC46-40AD-A6E6-638C91468756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F7326-B11E-42AE-A0E4-E02CA9E0F9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "307B2193-1737-4FD5-B1E9-19DCB88443B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "42799518-1D12-4500-8E06-ED10D2239FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "31411BEC-1326-4CC4-84FB-6DFCB0D3AFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D9247A4F-2E8A-43B6-8850-3A9A678AC0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "524E4B4E-8D00-4078-AC99-250066F76B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "730917F8-E1F4-4836-B05A-16B2BA5774DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del comando glob de Pure-FTPd en versiones anteriores a 1.0.32, y en libc de NetBSD 5.1, no expande apropiadamente las expresiones que contienen llaves, lo que permite a usuarios autenticados remotos provocar una denegaci\u00f3n de servicio (consumo de toda la memoria) a trav\u00e9s de un comando FTP STAT modificado."
}
],
"id": "CVE-2011-0418",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-24T23:55:01.653",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27\u0026r2=1.28\u0026f=h"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/achievement_securityalert/97"
},
{
"source": "cret@cert.org",
"url": "http://securityreason.com/securityalert/8228"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"
},
{
"source": "cret@cert.org",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47671"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1273"
},
{
"source": "cret@cert.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27\u0026r2=1.28\u0026f=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/achievement_securityalert/97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/47671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-11-04 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/49541 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/69686 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49541 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/69686 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | * | |
| pureftpd | pure-ftpd | 0.90 | |
| pureftpd | pure-ftpd | 0.91 | |
| pureftpd | pure-ftpd | 0.92 | |
| pureftpd | pure-ftpd | 0.93 | |
| pureftpd | pure-ftpd | 0.94 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95.1 | |
| pureftpd | pure-ftpd | 0.95.2 | |
| pureftpd | pure-ftpd | 0.96 | |
| pureftpd | pure-ftpd | 0.96 | |
| pureftpd | pure-ftpd | 0.96.1 | |
| pureftpd | pure-ftpd | 0.97 | |
| pureftpd | pure-ftpd | 0.97 | |
| pureftpd | pure-ftpd | 0.97 | |
| pureftpd | pure-ftpd | 0.97 | |
| pureftpd | pure-ftpd | 0.97 | |
| pureftpd | pure-ftpd | 0.97-final | |
| pureftpd | pure-ftpd | 0.97.1 | |
| pureftpd | pure-ftpd | 0.97.2 | |
| pureftpd | pure-ftpd | 0.97.3 | |
| pureftpd | pure-ftpd | 0.97.4 | |
| pureftpd | pure-ftpd | 0.97.5 | |
| pureftpd | pure-ftpd | 0.97.6 | |
| pureftpd | pure-ftpd | 0.97.7 | |
| pureftpd | pure-ftpd | 0.97.7 | |
| pureftpd | pure-ftpd | 0.97.7 | |
| pureftpd | pure-ftpd | 0.97.7 | |
| pureftpd | pure-ftpd | 0.98 | |
| pureftpd | pure-ftpd | 0.98 | |
| pureftpd | pure-ftpd | 0.98 | |
| pureftpd | pure-ftpd | 0.98.1 | |
| pureftpd | pure-ftpd | 0.98.2 | |
| pureftpd | pure-ftpd | 0.98.2 | |
| pureftpd | pure-ftpd | 0.98.3 | |
| pureftpd | pure-ftpd | 0.98.4 | |
| pureftpd | pure-ftpd | 0.98.5 | |
| pureftpd | pure-ftpd | 0.98.6 | |
| pureftpd | pure-ftpd | 0.98.7 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99.1 | |
| pureftpd | pure-ftpd | 0.99.1 | |
| pureftpd | pure-ftpd | 0.99.1 | |
| pureftpd | pure-ftpd | 0.99.2 | |
| pureftpd | pure-ftpd | 0.99.2 | |
| pureftpd | pure-ftpd | 0.99.3 | |
| pureftpd | pure-ftpd | 0.99.4 | |
| pureftpd | pure-ftpd | 0.99.9 | |
| pureftpd | pure-ftpd | 1.0.0 | |
| pureftpd | pure-ftpd | 1.0.1 | |
| pureftpd | pure-ftpd | 1.0.2 | |
| pureftpd | pure-ftpd | 1.0.3 | |
| pureftpd | pure-ftpd | 1.0.4 | |
| pureftpd | pure-ftpd | 1.0.5 | |
| pureftpd | pure-ftpd | 1.0.6 | |
| pureftpd | pure-ftpd | 1.0.7 | |
| pureftpd | pure-ftpd | 1.0.8 | |
| pureftpd | pure-ftpd | 1.0.9 | |
| pureftpd | pure-ftpd | 1.0.10 | |
| pureftpd | pure-ftpd | 1.0.11 | |
| pureftpd | pure-ftpd | 1.0.12 | |
| pureftpd | pure-ftpd | 1.0.13 | |
| pureftpd | pure-ftpd | 1.0.14 | |
| pureftpd | pure-ftpd | 1.0.15 | |
| pureftpd | pure-ftpd | 1.0.16 | |
| pureftpd | pure-ftpd | 1.0.16 | |
| pureftpd | pure-ftpd | 1.0.16 | |
| pureftpd | pure-ftpd | 1.0.17 | |
| pureftpd | pure-ftpd | 1.0.17 | |
| pureftpd | pure-ftpd | 1.0.18 | |
| pureftpd | pure-ftpd | 1.0.19 | |
| pureftpd | pure-ftpd | 1.0.20 | |
| pureftpd | pure-ftpd | 1.0.21 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_desktop | 11 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EC9019-1B5F-433E-8BD4-E9AAAAB902A0",
"versionEndIncluding": "1.0.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre1:*:*:*:*:*:*",
"matchCriteriaId": "BD46FE70-94F7-49A8-8C89-7D49D660A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre2:*:*:*:*:*:*",
"matchCriteriaId": "63769E2B-D1EA-4A63-87C9-74791641C2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre3:*:*:*:*:*:*",
"matchCriteriaId": "C656D161-2438-4ACA-AB14-2A9D86509870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:pre4:*:*:*:*:*:*",
"matchCriteriaId": "05B9AB24-3961-4BEF-A60E-99FE716DF9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:pre1:*:*:*:*:*:*",
"matchCriteriaId": "68510DBF-72AE-468B-8105-69B6A57A04F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre1:*:*:*:*:*:*",
"matchCriteriaId": "55A5149F-EFD9-47A6-9E0A-5CC527F692C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre2:*:*:*:*:*:*",
"matchCriteriaId": "1457138A-4081-455B-B5BA-28D7CC14EC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre3:*:*:*:*:*:*",
"matchCriteriaId": "840635FC-4FDB-4198-A79B-792B643A9388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre4:*:*:*:*:*:*",
"matchCriteriaId": "82E5881B-7BCE-47A9-883E-0F5B9D223F81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97:pre5:*:*:*:*:*:*",
"matchCriteriaId": "ED101A1B-A785-4F81-9C94-DB4F12BAA088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*",
"matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*",
"matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre1:*:*:*:*:*:*",
"matchCriteriaId": "1E60DE27-EE96-44D1-9469-ACB4EB03CCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre2:*:*:*:*:*:*",
"matchCriteriaId": "2059AE45-9F9C-4D26-B53A-E61576EBF163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:pre3:*:*:*:*:*:*",
"matchCriteriaId": "7BD78C76-3679-47DD-B9A9-CDA0B34EEDEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:final:*:*:*:*:*:*",
"matchCriteriaId": "6AC69E38-9872-460F-841B-BBE1110FC1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre1:*:*:*:*:*:*",
"matchCriteriaId": "7F812030-6DC3-4A8C-824F-3185AC4F0619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98:pre2:*:*:*:*:*:*",
"matchCriteriaId": "1917ECFC-BCD2-464C-B4C7-6D87A3B50DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:a:*:*:*:*:*:*",
"matchCriteriaId": "FE763375-34A0-4D2D-BEC2-D9F9232A1D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*",
"matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*",
"matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*",
"matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:a:*:*:*:*:*:*",
"matchCriteriaId": "D4C84C4B-3133-4589-B17E-903F78086A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:b:*:*:*:*:*:*",
"matchCriteriaId": "366DE55B-E2FC-4CA1-B35C-1F09942A31A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre1:*:*:*:*:*:*",
"matchCriteriaId": "A1B51DC2-7C58-4073-B352-02A0B56D447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:pre2:*:*:*:*:*:*",
"matchCriteriaId": "209642A4-56B7-4345-B09D-57636A3D221F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:a:*:*:*:*:*:*",
"matchCriteriaId": "79BC687A-A16D-4923-B592-549E12272045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:b:*:*:*:*:*:*",
"matchCriteriaId": "2C400CA8-7CE1-4E6D-ABAD-102E4BD12C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:a:*:*:*:*:*:*",
"matchCriteriaId": "1C6966F1-F1F5-45F6-B446-8408EB1DE9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*",
"matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*",
"matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13:a:*:*:*:*:*:*",
"matchCriteriaId": "C462D2DB-B831-4395-A697-412AF5269E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:a:*:*:*:*:*:*",
"matchCriteriaId": "893F2C07-21F3-4B1E-B295-6B4DD20B97B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:b:*:*:*:*:*:*",
"matchCriteriaId": "A6F4CFB6-9BD7-467E-ACDD-879D782DD2A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16:c:*:*:*:*:*:*",
"matchCriteriaId": "E10A65F7-517F-4966-B83F-7323C8ADA70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:a:*:*:*:*:*:*",
"matchCriteriaId": "F621BF1C-B9F1-4055-B5D8-6FC70BB3A6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F0545634-EC4A-48E8-AB3D-49802FB11758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A53FF936-C785-4CEF-BAD0-3C3EB90EE466",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:vmware:*:*:*:*:*",
"matchCriteriaId": "B654E601-9B41-416B-9619-A60E6151EC68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en Pure-ftpd v1.0.22 y posiblemente en otras versiones, cuando se ejecutan en SUSE Linux Enterprise Server y posiblemente otros sistemas operativos y cuando la funci\u00f3n de servidor remoto Netware OES est\u00e1 activada, permite a usuarios locales sobreescribir ficheros arbitrarios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-3171",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-04T21:55:02.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49541"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69686"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-23 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd | ||
| secalert@redhat.com | http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd | Patch | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/11/14 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/11/3 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/11/7 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/11/8 | ||
| secalert@redhat.com | http://secunia.com/advisories/43988 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/44548 | ||
| secalert@redhat.com | http://www.pureftpd.org/project/pure-ftpd/news | ||
| secalert@redhat.com | https://bugzilla.novell.com/show_bug.cgi?id=686590 | Patch | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=683221 | ||
| secalert@redhat.com | https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/11/14 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/11/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/11/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/11/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43988 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44548 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pureftpd.org/project/pure-ftpd/news | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.novell.com/show_bug.cgi?id=686590 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=683221 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pureftpd | pure-ftpd | * | |
| pureftpd | pure-ftpd | 0.90 | |
| pureftpd | pure-ftpd | 0.91 | |
| pureftpd | pure-ftpd | 0.92 | |
| pureftpd | pure-ftpd | 0.93 | |
| pureftpd | pure-ftpd | 0.94 | |
| pureftpd | pure-ftpd | 0.95 | |
| pureftpd | pure-ftpd | 0.95-pre1 | |
| pureftpd | pure-ftpd | 0.95-pre2 | |
| pureftpd | pure-ftpd | 0.95-pre3 | |
| pureftpd | pure-ftpd | 0.95-pre4 | |
| pureftpd | pure-ftpd | 0.95.1 | |
| pureftpd | pure-ftpd | 0.95.2 | |
| pureftpd | pure-ftpd | 0.96 | |
| pureftpd | pure-ftpd | 0.96.1 | |
| pureftpd | pure-ftpd | 0.96pre1 | |
| pureftpd | pure-ftpd | 0.97-final | |
| pureftpd | pure-ftpd | 0.97.1 | |
| pureftpd | pure-ftpd | 0.97.2 | |
| pureftpd | pure-ftpd | 0.97.3 | |
| pureftpd | pure-ftpd | 0.97.4 | |
| pureftpd | pure-ftpd | 0.97.5 | |
| pureftpd | pure-ftpd | 0.97.6 | |
| pureftpd | pure-ftpd | 0.97.7 | |
| pureftpd | pure-ftpd | 0.97.7pre1 | |
| pureftpd | pure-ftpd | 0.97.7pre2 | |
| pureftpd | pure-ftpd | 0.97.7pre3 | |
| pureftpd | pure-ftpd | 0.97pre1 | |
| pureftpd | pure-ftpd | 0.97pre2 | |
| pureftpd | pure-ftpd | 0.97pre3 | |
| pureftpd | pure-ftpd | 0.97pre4 | |
| pureftpd | pure-ftpd | 0.97pre5 | |
| pureftpd | pure-ftpd | 0.98-final | |
| pureftpd | pure-ftpd | 0.98.1 | |
| pureftpd | pure-ftpd | 0.98.2 | |
| pureftpd | pure-ftpd | 0.98.2a | |
| pureftpd | pure-ftpd | 0.98.3 | |
| pureftpd | pure-ftpd | 0.98.4 | |
| pureftpd | pure-ftpd | 0.98.5 | |
| pureftpd | pure-ftpd | 0.98.6 | |
| pureftpd | pure-ftpd | 0.98.7 | |
| pureftpd | pure-ftpd | 0.98pre1 | |
| pureftpd | pure-ftpd | 0.98pre2 | |
| pureftpd | pure-ftpd | 0.99 | |
| pureftpd | pure-ftpd | 0.99.1 | |
| pureftpd | pure-ftpd | 0.99.1a | |
| pureftpd | pure-ftpd | 0.99.1b | |
| pureftpd | pure-ftpd | 0.99.2 | |
| pureftpd | pure-ftpd | 0.99.2a | |
| pureftpd | pure-ftpd | 0.99.3 | |
| pureftpd | pure-ftpd | 0.99.4 | |
| pureftpd | pure-ftpd | 0.99.9 | |
| pureftpd | pure-ftpd | 0.99a | |
| pureftpd | pure-ftpd | 0.99b | |
| pureftpd | pure-ftpd | 0.99pre1 | |
| pureftpd | pure-ftpd | 0.99pre2 | |
| pureftpd | pure-ftpd | 1.0.0 | |
| pureftpd | pure-ftpd | 1.0.1 | |
| pureftpd | pure-ftpd | 1.0.2 | |
| pureftpd | pure-ftpd | 1.0.3 | |
| pureftpd | pure-ftpd | 1.0.4 | |
| pureftpd | pure-ftpd | 1.0.5 | |
| pureftpd | pure-ftpd | 1.0.6 | |
| pureftpd | pure-ftpd | 1.0.7 | |
| pureftpd | pure-ftpd | 1.0.8 | |
| pureftpd | pure-ftpd | 1.0.9 | |
| pureftpd | pure-ftpd | 1.0.10 | |
| pureftpd | pure-ftpd | 1.0.11 | |
| pureftpd | pure-ftpd | 1.0.12 | |
| pureftpd | pure-ftpd | 1.0.13a | |
| pureftpd | pure-ftpd | 1.0.14 | |
| pureftpd | pure-ftpd | 1.0.15 | |
| pureftpd | pure-ftpd | 1.0.16a | |
| pureftpd | pure-ftpd | 1.0.16b | |
| pureftpd | pure-ftpd | 1.0.16c | |
| pureftpd | pure-ftpd | 1.0.17 | |
| pureftpd | pure-ftpd | 1.0.17a | |
| pureftpd | pure-ftpd | 1.0.18 | |
| pureftpd | pure-ftpd | 1.0.19 | |
| pureftpd | pure-ftpd | 1.0.20 | |
| pureftpd | pure-ftpd | 1.0.21 | |
| pureftpd | pure-ftpd | 1.0.22 | |
| pureftpd | pure-ftpd | 1.0.24 | |
| pureftpd | pure-ftpd | 1.0.25 | |
| pureftpd | pure-ftpd | 1.0.26 | |
| pureftpd | pure-ftpd | 1.0.27 | |
| pureftpd | pure-ftpd | 1.0.28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D14516-085B-45FB-A7F5-C695F72586FA",
"versionEndIncluding": "1.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF345E7-32E3-4AC2-AF59-2909BCD0F0E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8E9891-37F0-4A89-8313-3DF7B30D20C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "3503BC8E-04EB-4B8B-BCC5-257FBE275435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "64733EB4-34AE-4BF6-BC42-5BEB171D02F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "6341410D-6327-40CB-8E77-03715170957A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*",
"matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*",
"matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "82F13F0C-B2B7-4DBA-BEB0-4599CE2EE422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "11938621-40EA-4B68-B802-B793F3AAD990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DAAE0EB-626A-42BD-A522-CAA026AF5BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2139A56-05FC-468A-8BA4-D319FD878976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCE9F15-F266-4194-A328-BE7EB2D4CA6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF3055A8-D3BB-4A42-8A5A-848502C08CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "535B52FC-4573-42C7-A0F4-29B8B7BEFD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "0772C8AB-3290-4A18-8417-4EB248398478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:*:*:*:*:*:*:*",
"matchCriteriaId": "BC466025-06CF-48F9-B57A-02FD4D62B472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADCEF99-E5A8-4890-B75D-5055F09EDA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*",
"matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*",
"matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*",
"matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF09FF7-82C8-4C1F-A9CB-245A7D11D2D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B687A9-8B0B-4059-B6F6-29D76440F054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1A7388-0878-492C-B89A-C732CCE3E6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1025C8-B056-4AA7-9976-5FD6AC51A012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "70D16075-5855-4448-B79D-8B7385EE0E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*",
"matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*",
"matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99a:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED3D13F-D769-4668-AD31-9E9C6B4F1738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99b:*:*:*:*:*:*:*",
"matchCriteriaId": "7B02414C-C7CF-4719-ABCC-FB019C205163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0518387-8900-43BF-B592-EB9F725E9FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2044321-568E-4381-83EC-EBF9F0D46CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "8622805C-1E49-45F5-8CB0-2C0ECD9E5F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3C26B-945B-4C81-BF15-4E767B544A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AD4259-CA7D-45D1-8459-F8D44165AC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:*:*:*:*:*:*:*",
"matchCriteriaId": "866DF3B5-A364-4563-A883-D052DCD86C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "59FBF7FD-A6C9-46F0-8C9E-CF2098DCB8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F753B7E9-BC46-40AD-A6E6-638C91468756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F7326-B11E-42AE-A0E4-E02CA9E0F9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "307B2193-1737-4FD5-B1E9-19DCB88443B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "42799518-1D12-4500-8E06-ED10D2239FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "31411BEC-1326-4CC4-84FB-6DFCB0D3AFEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de STARTTLS en ftp_parser.c de Pure-FTPd en versiones anteriores a 1.0.30\r\nno restringe correctamente el buffer de entrada/salida, que permite a los atacantes a realizar \"man-in-the-middle\" para insertar comandos en las sesiones FTP cifradas mediante el env\u00edo de un comando en claro que se procesa despu\u00e9s de TLS est\u00e9 funcionando, se relaciona con una \"inyecci\u00f3n de comandos de texto claro\" es un problema similar a CVE-2011-0411."
}
],
"id": "CVE-2011-1575",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-23T22:55:01.207",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/04/11/14"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/04/11/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/04/11/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/04/11/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43988"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/44548"
},
{
"source": "secalert@redhat.com",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/04/11/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/04/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/04/11/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/04/11/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.pureftpd.org/project/pure-ftpd/news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}