CVE-2011-0418 - Vulnerability Details

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netbsd	Netbsd
Pureftpd	Pure-ftpd

Configuration 1 [-]

OR	cpe:2.3:a:pureftpd:pure-ftpd::::::::
	cpe:2.3:a:pureftpd:pure-ftpd:0.90:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.91:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.92:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.93:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.94:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.96:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99a:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99b:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:::::::*
	cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.29:::::::*
cpe:2.3:a:pureftpd:pure-ftpd:1.0.30:::::::*

Configuration 2 [-]

cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h
http://securityreason.com/achievement_securityalert/97
http://securityreason.com/securityalert/8228
http://www.mandriva.com/security/advisories?name=MDVSA-2011:094
http://www.pureftpd.org/project/pure-ftpd/news
http://www.securityfocus.com/bid/47671
http://www.vupen.com/english/advisories/2011/1273
https://bugzilla.redhat.com/show_bug.cgi?id=704283

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2011-05-24T23:00:00

Updated: 2024-08-06T21:51:08.688Z

Reserved: 2011-01-11T00:00:00

Link: CVE-2011-0418

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-05-24T23:55:01.653

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0418

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-22T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"}, {"name": "ADV-2011-1273", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/1273"}, {"name": "MDVSA-2011:094", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"}, {"name": "47671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47671"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "8228", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8228"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pureftpd.org/project/pure-ftpd/news"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2011-0418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28", "refsource": "CONFIRM", "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"}, {"name": "ADV-2011-1273", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1273"}, {"name": "MDVSA-2011:094", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"}, {"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h", "refsource": "CONFIRM", "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=704283", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"}, {"name": "47671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47671"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "8228", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8228"}, {"name": "http://www.pureftpd.org/project/pure-ftpd/news", "refsource": "CONFIRM", "url": "http://www.pureftpd.org/project/pure-ftpd/news"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:51:08.688Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"}, {"name": "ADV-2011-1273", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/1273"}, {"name": "MDVSA-2011:094", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"}, {"name": "47671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47671"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "tags": ["third-party-advisory", "x_refsource_SREASONRES", "x_transferred"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "8228", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8228"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pureftpd.org/project/pure-ftpd/news"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-0418", "datePublished": "2011-05-24T23:00:00", "dateReserved": "2011-01-11T00:00:00", "dateUpdated": "2024-08-06T21:51:08.688Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "24538806-F3EF-4736-A5BB-828A9A176FB7", "versionEndIncluding": "1.0.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:*:*:*:*:*:*:*", "matchCriteriaId": "AEF345E7-32E3-4AC2-AF59-2909BCD0F0E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E9891-37F0-4A89-8313-3DF7B30D20C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:*:*:*:*:*:*:*", "matchCriteriaId": "3503BC8E-04EB-4B8B-BCC5-257FBE275435", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:*:*:*:*:*:*:*", "matchCriteriaId": "64733EB4-34AE-4BF6-BC42-5BEB171D02F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*", "matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:*:*:*:*:*:*:*", "matchCriteriaId": "6341410D-6327-40CB-8E77-03715170957A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*", "matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*", "matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*", "matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*", "matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:*:*:*:*:*:*:*", "matchCriteriaId": "82F13F0C-B2B7-4DBA-BEB0-4599CE2EE422", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:*:*:*:*:*:*:*", "matchCriteriaId": "11938621-40EA-4B68-B802-B793F3AAD990", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:*:*:*:*:*:*:*", "matchCriteriaId": "3DAAE0EB-626A-42BD-A522-CAA026AF5BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:*:*:*:*:*:*:*", "matchCriteriaId": "C2139A56-05FC-468A-8BA4-D319FD878976", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:*:*:*:*:*:*:*", "matchCriteriaId": "1DCE9F15-F266-4194-A328-BE7EB2D4CA6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BF3055A8-D3BB-4A42-8A5A-848502C08CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:*:*:*:*:*:*:*", "matchCriteriaId": "535B52FC-4573-42C7-A0F4-29B8B7BEFD65", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:*:*:*:*:*:*:*", "matchCriteriaId": "0772C8AB-3290-4A18-8417-4EB248398478", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:*:*:*:*:*:*:*", "matchCriteriaId": "BC466025-06CF-48F9-B57A-02FD4D62B472", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:*:*:*:*:*:*:*", "matchCriteriaId": "4ADCEF99-E5A8-4890-B75D-5055F09EDA23", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*", "matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:*:*:*:*:*:*:*", "matchCriteriaId": "AAF09FF7-82C8-4C1F-A9CB-245A7D11D2D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:*:*:*:*:*:*:*", "matchCriteriaId": "E0B687A9-8B0B-4059-B6F6-29D76440F054", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:*:*:*:*:*:*:*", "matchCriteriaId": "ED1A7388-0878-492C-B89A-C732CCE3E6EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:*:*:*:*:*:*:*", "matchCriteriaId": "DF1025C8-B056-4AA7-9976-5FD6AC51A012", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:*:*:*:*:*:*:*", "matchCriteriaId": "70D16075-5855-4448-B79D-8B7385EE0E16", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99a:*:*:*:*:*:*:*", "matchCriteriaId": "7ED3D13F-D769-4668-AD31-9E9C6B4F1738", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99b:*:*:*:*:*:*:*", "matchCriteriaId": "7B02414C-C7CF-4719-ABCC-FB019C205163", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:*:*:*:*:*:*:*", "matchCriteriaId": "B0518387-8900-43BF-B592-EB9F725E9FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:*:*:*:*:*:*:*", "matchCriteriaId": "C2044321-568E-4381-83EC-EBF9F0D46CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:*:*:*:*:*:*:*", "matchCriteriaId": "8622805C-1E49-45F5-8CB0-2C0ECD9E5F0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:*:*:*:*:*:*:*", "matchCriteriaId": "DEB3C26B-945B-4C81-BF15-4E767B544A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:*:*:*:*:*:*:*", "matchCriteriaId": "C3AD4259-CA7D-45D1-8459-F8D44165AC15", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:*:*:*:*:*:*:*", "matchCriteriaId": "866DF3B5-A364-4563-A883-D052DCD86C51", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:*:*:*:*:*:*:*", "matchCriteriaId": "59FBF7FD-A6C9-46F0-8C9E-CF2098DCB8CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "F753B7E9-BC46-40AD-A6E6-638C91468756", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "2D2F7326-B11E-42AE-A0E4-E02CA9E0F9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "307B2193-1737-4FD5-B1E9-19DCB88443B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "42799518-1D12-4500-8E06-ED10D2239FCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "31411BEC-1326-4CC4-84FB-6DFCB0D3AFEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "D9247A4F-2E8A-43B6-8850-3A9A678AC0EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "524E4B4E-8D00-4078-AC99-250066F76B29", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "730917F8-E1F4-4836-B05A-16B2BA5774DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command."}, {"lang": "es", "value": "La implementaci\u00f3n del comando glob de Pure-FTPd en versiones anteriores a 1.0.32, y en libc de NetBSD 5.1, no expande apropiadamente las expresiones que contienen llaves, lo que permite a usuarios autenticados remotos provocar una denegaci\u00f3n de servicio (consumo de toda la memoria) a trav\u00e9s de un comando FTP STAT modificado."}], "id": "CVE-2011-0418", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-24T23:55:01.653", "references": [{"source": "cret@cert.org", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"source": "cret@cert.org", "url": "http://securityreason.com/securityalert/8228"}, {"source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"}, {"source": "cret@cert.org", "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/47671"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/1273"}, {"source": "cret@cert.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/47671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/1273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object