FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1575

This CVE name corresponds to:

Entered: 2011-05-23
Topic: pureftpd -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-1575
Phase: Assigned (20110405)

Description

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

References

Source Reference
MLIST [opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).
MLIST [oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?
MLIST [oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?
MLIST [oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?
MLIST [oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?
MLIST [pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released
MLIST [pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released
CONFIRM http://www.pureftpd.org/project/pure-ftpd/news
CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=686590
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=683221
CONFIRM https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4
SUSE SUSE-SR:2011:009
SECUNIA 43988
SECUNIA 44548