CVE-2011-1575

Severity: 57%

Complexity: 86%

Confidentiality: 81%

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

Pure-FTPd

First reported 13 years ago

2011-05-23 22:55:00

Last updated 11 years ago

2014-02-21 04:41:00

Affected Software

Pure-FTPd 0.90
Pure-FTPd 0.91
Pure-FTPd 0.92
Pure-FTPd 0.93
Pure-FTPd 0.94
Pure-FTPd 0.95
Pure-FTPd 0.95.1
Pure-FTPd 0.95.2
Pure-FTPd 0.96
Pure-FTPd 0.96.1
Pure-FTPd 0.97-final
Pure-FTPd 0.97.1
Pure-FTPd 0.97.2
Pure-FTPd 0.97.3
Pure-FTPd 0.97.4
Pure-FTPd 0.97.5
Pure-FTPd 0.97.6
Pure-FTPd 0.97.7
Pure-FTPd 0.98.1
Pure-FTPd 0.98.2
Pure-FTPd 0.98.3
Pure-FTPd 0.98.4
Pure-FTPd 0.98.5
Pure-FTPd 0.98.6
Pure-FTPd 0.98.7
Pure-FTPd 0.99
Pure-FTPd 0.99.1
Pure-FTPd 0.99.2
Pure-FTPd 0.99.3
Pure-FTPd 0.99.4
Pure-FTPd 0.99.9
Pure-FTPd 1.0.0
Pure-FTPd 1.0.1
Pure-FTPd 1.0.2
Pure-FTPd 1.0.3
Pure-FTPd 1.0.4
Pure-FTPd 1.0.5
Pure-FTPd 1.0.6
Pure-FTPd 1.0.7
Pure-FTPd 1.0.8
Pure-FTPd 1.0.9
Pure-FTPd 1.0.10
Pure-FTPd 1.0.11
Pure-FTPd 1.0.12
Pure-FTPd 1.0.14
Pure-FTPd 1.0.15
Pure-FTPd 1.0.17
Pure-FTPd 1.0.18
Pure-FTPd 1.0.19
Pure-FTPd 1.0.20
Pure-FTPd 1.0.21
Pure-FTPd 1.0.22
Pure-FTPd 1.0.24
Pure-FTPd 1.0.25
Pure-FTPd 1.0.26
Pure-FTPd 1.0.27
Pure-FTPd 1.0.28
