CVE-2011-1575

Current Description

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Basic Data

Published: May 23, 2011
Last Modified: February 21, 2014
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
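    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.90 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.91 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.92 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.93 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.94 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95-pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95-pre2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95-pre3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95-pre4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.95.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.96 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.96.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.96pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97-final | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.7pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.7pre2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97.7pre3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97pre2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97pre3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97pre4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.97pre5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98-final | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.2a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.98pre2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.1a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.1b | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.2a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99b | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 0.99pre2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.10 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.11 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.12 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.13a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.14 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.15 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.16a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.16b | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.16c | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.17 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.17a | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.18 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.19 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.20 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.21 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.22 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.24 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.25 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.26 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.27 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | 1.0.28 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Pureftpd | Pure-ftpd | * | * | * | * | * | * | * | * |  | 1.0.29 |  |  |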

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Pureftpd | Pure-ftpd | *, 0.90, 0.91, 0.92, 0.93, 0.94, 0.95, 0.95-pre1, 0.95-pre2, 0.95-pre3, 0.95-pre4, 0.95.1, 0.95.2, 0.96, 0.96.1, 0.96pre1, 0.97-final, 0.97.1, 0.97.2, 0.97.3, 0.97.4, 0.97.5, 0.97.6, 0.97.7, 0.97.7pre1, 0.97.7pre2, 0.97.7pre3, 0.97pre1, 0.97pre2, 0.97pre3, 0.97pre4, 0.97pre5, 0.98-final, 0.98.1, 0.98.2, 0.98.2a, 0.98.3, 0.98.4, 0.98.5, 0.98.6, 0.98.7, 0.98pre1, 0.98pre2, 0.99, 0.99.1, 0.99.1a, 0.99.1b, 0.99.2, 0.99.2a, 0.99.3, 0.99.4, 0.99.9, 0.99a, 0.99b, 0.99pre1, 0.99pre2, 1.0.0, 1.0.1, 1.0.10, 1.0.11, 1.0.12, 1.0.13a, 1.0.14, 1.0.15, 1.0.16a, 1.0.16b, 1.0.16c, 1.0.17, 1.0.17a, 1.0.18, 1.0.19, 1.0.2, 1.0.20, 1.0.21, 1.0.22, 1.0.24, 1.0.25, 1.0.26, 1.0.27, 1.0.28, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| [pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released | MLIST | http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd |  |
| [pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released | MLIST | http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd | Patch |
| SUSE-SR:2011:009 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html |  |
| [opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575). | MLIST | http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html |  |
| [oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE? | MLIST | http://openwall.com/lists/oss-security/2011/04/11/14 |  |
| [oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE? | MLIST | http://openwall.com/lists/oss-security/2011/04/11/3 |  |
| [oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE? | MLIST | http://openwall.com/lists/oss-security/2011/04/11/7 |  |
| [oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE? | MLIST | http://openwall.com/lists/oss-security/2011/04/11/8 |  |
| 43988 | SECUNIA | http://secunia.com/advisories/43988 | Vendor Advisory |
| 44548 | SECUNIA | http://secunia.com/advisories/44548 |  |
| http://www.pureftpd.org/project/pure-ftpd/news | CONFIRM | http://www.pureftpd.org/project/pure-ftpd/news |  |
| https://bugzilla.novell.com/show_bug.cgi?id=686590 | CONFIRM | https://bugzilla.novell.com/show_bug.cgi?id=686590 | Patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=683221 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=683221 |  |
| https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4 | CONFIRM | https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4 | Patch |