Gentoo Foundation: GLSA-201110-25
Oct 26, 2011 - 12:00 a.m.

Pure-FTPd: Multiple vulnerabilities

2011-10-26 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.897
Percentile: 98.8%

Background

Pure-FTPd is a fast, production-quality and standards-compliant FTP server.

Description

Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details.

Impact

Remote unauthenticated attackers may be able to inject FTP commands or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All pure-ftpd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.32"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.
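
A version check for the upgrade above, as an added example (not part of the GLSA or of Gentoo's tooling): it scans the Portage installed-package database under /var/db/pkg and flags any net-ftp/pure-ftpd below 1.0.32. The function names are hypothetical, and only plain dotted versions with an optional -rN revision are decided automatically; anything else is reported for manual review.

```shell
#!/bin/sh
# Added example: flag net-ftp/pure-ftpd versions below the fixed 1.0.32.
FIXED="1.0.32"

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Fields are compared as integers, so 1.0.4 < 1.0.32 (string order says no).
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1  # equal versions are not "lower"
}

# pureftpd_affected PVR: 0 = affected, 1 = fixed, 2 = cannot decide.
pureftpd_affected() {
    v=${1%-r[0-9]*}                 # drop a Gentoo revision suffix such as -r2
    case $v in
        ''|*[!0-9.]*) return 2 ;;   # _rc/_p/letter suffixes: review by hand
    esac
    ver_lt "$v" "$FIXED"
}

# check_installed [VDB_ROOT]: scan the Portage package database (default
# /var/db/pkg) and return 1 if any installed pure-ftpd still needs attention.
check_installed() {
    vdb=${1:-/var/db/pkg}/net-ftp
    found=0
    for d in "$vdb"/pure-ftpd-[0-9]*; do
        [ -d "$d" ] || continue
        pvr=${d##*/pure-ftpd-}
        rc=0; pureftpd_affected "$pvr" || rc=$?
        case $rc in
            0) echo "AFFECTED  pure-ftpd-$pvr (< $FIXED)"; found=1 ;;
            1) echo "ok        pure-ftpd-$pvr" ;;
            *) echo "UNKNOWN   pure-ftpd-$pvr (check manually)"; found=1 ;;
        esac
    done
    return $found
}
# On a Gentoo host: check_installed && echo "no affected pure-ftpd installed"
```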

OS      Version  Architecture  Package            Version   Filename
Gentoo  any      all           net-ftp/pure-ftpd  < 1.0.32  UNKNOWN
