{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-10T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/11/14"}, {"name": "SUSE-SR:2011:009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"}, {"name": "[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"}, {"name": "[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"}, {"name": "43988", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43988"}, {"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/11/7"}, {"name": "44548", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44548"}, {"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/11/8"}, {"name": "[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/11/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"}, {"name": "[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/11/14"}, {"name": "SUSE-SR:2011:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=683221", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"}, {"name": "[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released", "refsource": "MLIST", "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"}, {"name": "[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).", "refsource": "MLIST", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"}, {"name": "43988", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43988"}, {"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/11/7"}, {"name": "44548", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44548"}, {"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/11/8"}, {"name": "[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/11/3"}, {"name": "http://www.pureftpd.org/project/pure-ftpd/news", "refsource": "CONFIRM", "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=686590", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"}, {"name": "[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released", "refsource": "MLIST", "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"}, {"name": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4", "refsource": "CONFIRM", "url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.928Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/11/14"}, {"name": "SUSE-SR:2011:009", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"}, {"name": "[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"}, {"name": "[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575).", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"}, {"name": "43988", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43988"}, {"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/11/7"}, {"name": "44548", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44548"}, {"name": "[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/11/8"}, {"name": "[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/11/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"}, {"name": "[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1575", "datePublished": "2011-05-23T22:00:00", "dateReserved": "2011-04-05T00:00:00", "dateUpdated": "2024-08-06T22:28:41.928Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D14516-085B-45FB-A7F5-C695F72586FA", "versionEndIncluding": "1.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA8918-A2CB-47A3-BEA5-012202416E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "E7AC08B4-58AC-415A-9B66-40A1E3CCD0F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "109D76F0-FB16-4DB5-8CD9-5FC4B7A888F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "D21A2797-A1E1-41D1-A4F9-88A6BDB39386", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "A6F60D6F-5EED-4F98-B837-8DA704AE655E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "B6FB0AE1-D1C1-49BA-92EB-22610F805C24", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:*:*:*:*:*:*:*", "matchCriteriaId": "AEF345E7-32E3-4AC2-AF59-2909BCD0F0E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E9891-37F0-4A89-8313-3DF7B30D20C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:*:*:*:*:*:*:*", "matchCriteriaId": "3503BC8E-04EB-4B8B-BCC5-257FBE275435", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:*:*:*:*:*:*:*", "matchCriteriaId": "64733EB4-34AE-4BF6-BC42-5BEB171D02F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*", "matchCriteriaId": "75803E7D-E4C4-429A-831D-E9BD35D3822F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*", "matchCriteriaId": "0AF6AB58-64E1-4B6E-BE3A-F1EF3A4D6D25", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "AEE4E7D4-64C3-401D-88BD-25480BB0353E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DE75C61-AEB4-49FF-92F0-59BE2DC235A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:*:*:*:*:*:*:*", "matchCriteriaId": "6341410D-6327-40CB-8E77-03715170957A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*", "matchCriteriaId": "1664490B-CA34-44A3-8EEC-71A07799E870", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "C151E6E5-AC14-4C12-B1E4-4FDED6F5CF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E10AE-9B98-4801-91CD-F6EEC75B9C0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF21C85-76FC-463C-8661-60BE2D3CAC10", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "21110017-470F-4C38-B09F-8DF94E48EFE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*", "matchCriteriaId": "2BA24CD0-22DA-4689-981D-88FAA7FCC1C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*", "matchCriteriaId": "1931478E-A672-4CF6-9BDC-B3C73B7DA5A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*", "matchCriteriaId": "71C4863E-76DA-4E38-B2C7-B30037633030", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:*:*:*:*:*:*:*", "matchCriteriaId": "82F13F0C-B2B7-4DBA-BEB0-4599CE2EE422", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:*:*:*:*:*:*:*", "matchCriteriaId": "11938621-40EA-4B68-B802-B793F3AAD990", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:*:*:*:*:*:*:*", "matchCriteriaId": "3DAAE0EB-626A-42BD-A522-CAA026AF5BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:*:*:*:*:*:*:*", "matchCriteriaId": "C2139A56-05FC-468A-8BA4-D319FD878976", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:*:*:*:*:*:*:*", "matchCriteriaId": "1DCE9F15-F266-4194-A328-BE7EB2D4CA6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:*:*:*:*:*:*:*", "matchCriteriaId": "BF3055A8-D3BB-4A42-8A5A-848502C08CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:*:*:*:*:*:*:*", "matchCriteriaId": "535B52FC-4573-42C7-A0F4-29B8B7BEFD65", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:*:*:*:*:*:*:*", "matchCriteriaId": "0772C8AB-3290-4A18-8417-4EB248398478", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:*:*:*:*:*:*:*", "matchCriteriaId": "BC466025-06CF-48F9-B57A-02FD4D62B472", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "57A8D91C-EEEB-4F76-8010-2CB174A9B091", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1831F7D-7366-4775-9B70-832F3BAB23E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:*:*:*:*:*:*:*", "matchCriteriaId": "4ADCEF99-E5A8-4890-B75D-5055F09EDA23", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "962C592B-1B02-49EE-9C82-2EA1B0F0F4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA327868-1A00-4BFE-AB29-3DBE57545EBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "09575AA6-7F8C-4A9C-B781-C892B00C3035", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3810E39-63C2-486A-9FFC-C7BBC6DCD455", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*", "matchCriteriaId": "07E6BD24-3843-479E-9DD0-56C69F8A0B71", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:*:*:*:*:*:*:*", "matchCriteriaId": "AAF09FF7-82C8-4C1F-A9CB-245A7D11D2D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:*:*:*:*:*:*:*", "matchCriteriaId": "E0B687A9-8B0B-4059-B6F6-29D76440F054", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "41E823CA-D59A-404F-A064-25F557BEBD5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD057E44-D7B8-414C-A21D-DEC8753F0C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:*:*:*:*:*:*:*", "matchCriteriaId": "ED1A7388-0878-492C-B89A-C732CCE3E6EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:*:*:*:*:*:*:*", "matchCriteriaId": "DF1025C8-B056-4AA7-9976-5FD6AC51A012", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "D968FE34-54C4-4C06-8EB7-0537EDAAD6FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:*:*:*:*:*:*:*", "matchCriteriaId": "70D16075-5855-4448-B79D-8B7385EE0E16", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "4CAD1DE8-7D55-4C0B-B691-E8D8AA6E2689", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "70576B73-12AF-463B-96AB-18725ACDECFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "39F6EBD8-4BFD-49FC-A087-8698DB462880", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99a:*:*:*:*:*:*:*", "matchCriteriaId": "7ED3D13F-D769-4668-AD31-9E9C6B4F1738", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99b:*:*:*:*:*:*:*", "matchCriteriaId": "7B02414C-C7CF-4719-ABCC-FB019C205163", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:*:*:*:*:*:*:*", "matchCriteriaId": "B0518387-8900-43BF-B592-EB9F725E9FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:*:*:*:*:*:*:*", "matchCriteriaId": "C2044321-568E-4381-83EC-EBF9F0D46CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3737B53D-E0BC-430F-9B00-5F13C15E3EF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF48827A-8F95-4D07-BB35-AD43A048072B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "10DB2640-6C1B-4B95-998C-3737809C9E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A4B5B69-85CF-40C8-BC79-C340A6445F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8992045B-1EC7-4254-966E-AECDAEFD950E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "14C4E0E1-FC73-4641-A7AC-47E25EAE251B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF00DCF7-A5B8-4B62-9F4F-EB2273589215", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "947E46FD-1B9D-4F64-8C10-FF332796CFE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "B72E9F25-975E-4609-A741-F472CEB53265", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2D76E5AE-B1D2-4362-915A-A6C15225F772", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "AD6BC5DF-3A1E-4B1F-87E9-857AE413841C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "3928B3DD-CA7E-4204-A49A-7B6E1F973B47", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "091BB6EB-7263-4DD2-8B57-B1FF73D61B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:*:*:*:*:*:*:*", "matchCriteriaId": "8622805C-1E49-45F5-8CB0-2C0ECD9E5F0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "C705AE7A-8F8B-49C1-BEA4-B1486AAE9E2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "E0AB8F16-5A30-4D85-A3E0-E8EECD5EEA69", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:*:*:*:*:*:*:*", "matchCriteriaId": "DEB3C26B-945B-4C81-BF15-4E767B544A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:*:*:*:*:*:*:*", "matchCriteriaId": "C3AD4259-CA7D-45D1-8459-F8D44165AC15", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:*:*:*:*:*:*:*", "matchCriteriaId": "866DF3B5-A364-4563-A883-D052DCD86C51", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "B76D15CD-FECF-435F-A7E4-54FE53638C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:*:*:*:*:*:*:*", "matchCriteriaId": "59FBF7FD-A6C9-46F0-8C9E-CF2098DCB8CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "8669B8EC-482D-44CD-B30E-7D83423E1BC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B67A0244-D65F-4CCE-A084-31AD9A3D9B8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "DFD2D751-2B85-428E-8766-36F92B338C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "579ECF9F-EBED-49BC-A804-86C71554D06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "F753B7E9-BC46-40AD-A6E6-638C91468756", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "2D2F7326-B11E-42AE-A0E4-E02CA9E0F9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "307B2193-1737-4FD5-B1E9-19DCB88443B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "42799518-1D12-4500-8E06-ED10D2239FCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "31411BEC-1326-4CC4-84FB-6DFCB0D3AFEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."}, {"lang": "es", "value": "La implementaci\u00f3n de STARTTLS en ftp_parser.c de Pure-FTPd en versiones anteriores a 1.0.30\r\nno restringe correctamente el buffer de entrada/salida, que permite a los atacantes a realizar \"man-in-the-middle\" para insertar comandos en las sesiones FTP cifradas mediante el env\u00edo de un comando en claro que se procesa despu\u00e9s de TLS est\u00e9 funcionando, se relaciona con una \"inyecci\u00f3n de comandos de texto claro\" es un problema similar a CVE-2011-0411."}], "id": "CVE-2011-1575", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-23T22:55:01.207", "references": [{"source": "secalert@redhat.com", "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/04/11/14"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/04/11/3"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/04/11/7"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/04/11/8"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43988"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44548"}, {"source": "secalert@redhat.com", "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/04/11/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/04/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/04/11/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/04/11/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pureftpd.org/project/pure-ftpd/news"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=686590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=683221"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}