Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2011-1575

Disclosure Date: May 23, 2011
CVE-2011-1575
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2011-1575 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1575)
Advisory
[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE? (http://openwall.com/lists/oss-security/2011/04/11/14)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
https://bugzilla.redhat.com/show_bug.cgi?id=683221
[pure-ftpd] 20110308 Pure-FTPd 1.0.30 has been released (http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd)
[opensuse-updates] 20110512 openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS issues (CVE-2011-1575). (http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html)
SECUNIA-43988 (http://secunia.com/advisories/43988)
[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE? (http://openwall.com/lists/oss-security/2011/04/11/7)
SECUNIA-44548 (http://secunia.com/advisories/44548)
[oss-security] 20110411 Re: pure-ftpd STARTTLS command injection / new CVE? (http://openwall.com/lists/oss-security/2011/04/11/8)
[oss-security] 20110411 pure-ftpd STARTTLS command injection / new CVE? (http://openwall.com/lists/oss-security/2011/04/11/3)
http://www.pureftpd.org/project/pure-ftpd/news
https://bugzilla.novell.com/show_bug.cgi?id=686590
[pure-ftpd] 20110308 Re: Pure-FTPd 1.0.30 has been released (http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd)
https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis