CVE-2011-1575 — Command Injection in Pure-ftpd

6 documents6 sources

Severity

5.8MEDIUMNVD

CNA6.8OSV6.8

EPSS

22.2%

top 4.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pureftpd Pure-ftpd

Timeline

PublishedMay 23

Latest updateMay 17

Description

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debianpureftpd/pure-ftpd< 1.0.30-1+2

▶NVDpureftpd/pure-ftpd1.0.29+86

Patches

Patch: archives.pureftpd.org ↗Patch: bugzilla.novell.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqpg-5c3p-cx82: The STARTTLS implementation in ftp_parser↗2022-05-17

▶

CVEList

CVE-2011-1575: The STARTTLS implementation in ftp_parser↗2011-05-23

▶

OSV

CVE-2011-1575: The STARTTLS implementation in ftp_parser↗2011-05-23

▶

📋Vendor Advisories

Debian

CVE-2011-1575: pure-ftpd - The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not ...↗2011

▶

💬Community

Bugzilla

CVE-2011-1575 pure-ftpd: command injection during plaintext to TLS session switch↗2011-03-08

▶