CVE-2011-1575

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
pureftpdpure-ftpd
𝑥
≤ 1.0.29
pureftpdpure-ftpd
0.90
pureftpdpure-ftpd
0.91
pureftpdpure-ftpd
0.92
pureftpdpure-ftpd
0.93
pureftpdpure-ftpd
0.94
pureftpdpure-ftpd
0.95
pureftpdpure-ftpd
0.95-pre1
pureftpdpure-ftpd
0.95-pre2
pureftpdpure-ftpd
0.95-pre3
pureftpdpure-ftpd
0.95-pre4
pureftpdpure-ftpd
0.95.1
pureftpdpure-ftpd
0.95.2
pureftpdpure-ftpd
0.96
pureftpdpure-ftpd
0.96.1
pureftpdpure-ftpd
0.96pre1:pre1
pureftpdpure-ftpd
0.97-final
pureftpdpure-ftpd
0.97.1
pureftpdpure-ftpd
0.97.2
pureftpdpure-ftpd
0.97.3
pureftpdpure-ftpd
0.97.4
pureftpdpure-ftpd
0.97.5
pureftpdpure-ftpd
0.97.6
pureftpdpure-ftpd
0.97.7
pureftpdpure-ftpd
0.97.7pre1:pre1
pureftpdpure-ftpd
0.97.7pre2:pre2
pureftpdpure-ftpd
0.97.7pre3:pre3
pureftpdpure-ftpd
0.97pre1:pre1
pureftpdpure-ftpd
0.97pre2:pre2
pureftpdpure-ftpd
0.97pre3:pre3
pureftpdpure-ftpd
0.97pre4:pre4
pureftpdpure-ftpd
0.97pre5:pre5
pureftpdpure-ftpd
0.98-final
pureftpdpure-ftpd
0.98.1
pureftpdpure-ftpd
0.98.2
pureftpdpure-ftpd
0.98.2a:a
pureftpdpure-ftpd
0.98.3
pureftpdpure-ftpd
0.98.4
pureftpdpure-ftpd
0.98.5
pureftpdpure-ftpd
0.98.6
pureftpdpure-ftpd
0.98.7
pureftpdpure-ftpd
0.98pre1:pre1
pureftpdpure-ftpd
0.98pre2:pre2
pureftpdpure-ftpd
0.99
pureftpdpure-ftpd
0.99.1
pureftpdpure-ftpd
0.99.1a:a
pureftpdpure-ftpd
0.99.1b:b
pureftpdpure-ftpd
0.99.2
pureftpdpure-ftpd
0.99.2a:a
pureftpdpure-ftpd
0.99.3
pureftpdpure-ftpd
0.99.4
pureftpdpure-ftpd
0.99.9
pureftpdpure-ftpd
0.99a:a
pureftpdpure-ftpd
0.99b:b
pureftpdpure-ftpd
0.99pre1:pre1
pureftpdpure-ftpd
0.99pre2:pre2
pureftpdpure-ftpd
1.0.0
pureftpdpure-ftpd
1.0.1
pureftpdpure-ftpd
1.0.2
pureftpdpure-ftpd
1.0.3
pureftpdpure-ftpd
1.0.4
pureftpdpure-ftpd
1.0.5
pureftpdpure-ftpd
1.0.6
pureftpdpure-ftpd
1.0.7
pureftpdpure-ftpd
1.0.8
pureftpdpure-ftpd
1.0.9
pureftpdpure-ftpd
1.0.10
pureftpdpure-ftpd
1.0.11
pureftpdpure-ftpd
1.0.12
pureftpdpure-ftpd
1.0.13a:a
pureftpdpure-ftpd
1.0.14
pureftpdpure-ftpd
1.0.15
pureftpdpure-ftpd
1.0.16a:a
pureftpdpure-ftpd
1.0.16b:b
pureftpdpure-ftpd
1.0.16c:c
pureftpdpure-ftpd
1.0.17
pureftpdpure-ftpd
1.0.17a:a
pureftpdpure-ftpd
1.0.18
pureftpdpure-ftpd
1.0.19
pureftpdpure-ftpd
1.0.20
pureftpdpure-ftpd
1.0.21
pureftpdpure-ftpd
1.0.22
pureftpdpure-ftpd
1.0.24
pureftpdpure-ftpd
1.0.25
pureftpdpure-ftpd
1.0.26
pureftpdpure-ftpd
1.0.27
pureftpdpure-ftpd
1.0.28
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pure-ftpd
bullseye
1.0.49-4.1
fixed
lenny
no-dsa
bookworm
1.0.50-2.1
fixed
sid
1.0.50-2.2
fixed
trixie
1.0.50-2.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pure-ftpd
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd
http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html
http://openwall.com/lists/oss-security/2011/04/11/14
http://openwall.com/lists/oss-security/2011/04/11/3
http://openwall.com/lists/oss-security/2011/04/11/7
http://openwall.com/lists/oss-security/2011/04/11/8
http://secunia.com/advisories/43988
http://secunia.com/advisories/44548
http://www.pureftpd.org/project/pure-ftpd/news
https://bugzilla.novell.com/show_bug.cgi?id=686590
https://bugzilla.redhat.com/show_bug.cgi?id=683221
https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4
http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd
http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html
http://openwall.com/lists/oss-security/2011/04/11/14
http://openwall.com/lists/oss-security/2011/04/11/3
http://openwall.com/lists/oss-security/2011/04/11/7
http://openwall.com/lists/oss-security/2011/04/11/8
http://secunia.com/advisories/43988
http://secunia.com/advisories/44548
http://www.pureftpd.org/project/pure-ftpd/news
https://bugzilla.novell.com/show_bug.cgi?id=686590
https://bugzilla.redhat.com/show_bug.cgi?id=683221
https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4