Fedora 14 : pure-ftpd-1.0.30-1.fc14 (2011-3349)

🗓️ 01 Apr 2011 00:00:00Reported by TenableType

Fedora 14: Security issue in pure-ftpd-1.0.30-1.fc14 (2011-3349) with potential information disclosure and authentication bypass

Reporter	Title	Published	Views	Family All 152
FreeBSD	pureftpd -- multiple vulnerabilities	1 Apr 201100:00	–	freebsd
FreeBSD	postfix -- plaintext command injection with SMTP over TLS	7 Mar 201100:00	–	freebsd
FreeBSD	inn -- plaintext command injection into encrypted channel	14 Aug 201200:00	–	freebsd
Tenable Nessus	CentOS 4 / 5 : postfix (CESA-2011:0422)	11 Apr 201100:00	–	nessus
Tenable Nessus	CentOS 4 / 5 : cyrus-imapd (CESA-2011:0859)	9 Jun 201100:00	–	nessus
Tenable Nessus	Debian DSA-2233-1 : postfix - several vulnerabilities	11 May 201100:00	–	nessus
Tenable Nessus	Fedora 13 : postfix-2.7.3-1.fc13 (2011-3355)	24 Mar 201100:00	–	nessus
Tenable Nessus	Fedora 14 : postfix-2.7.3-1.fc14 (2011-3394)	24 Mar 201100:00	–	nessus
Tenable Nessus	FreeBSD : pureftpd -- multiple vulnerabilities (1495f931-8522-11e0-a1c1-00215c6a37bb)	24 May 201100:00	–	nessus
Tenable Nessus	FreeBSD : postfix -- plaintext command injection with SMTP over TLS (14a6f516-502f-11e0-b448-bbfa2731f9c7)	21 Mar 201100:00	–	nessus

Source	Link
postfix	www.postfix.org/CVE-2011-0411.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nessus	www.nessus.org/u

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-3349.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(53240);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_bugtraq_id(46767);
  script_xref(name:"FEDORA", value:"2011-3349");

  script_name(english:"Fedora 14 : pure-ftpd-1.0.30-1.fc14 (2011-3349)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Wietse Venema and Victor Duchovni discovered and reported an issue
that could lead to a potential information disclosure.

An unencrypted FTP command immediately following STARTTLS request
would get buffered and processed prior to SSL/TLS handshake, resulting
in potential authentication bypass in case a client certificate
authentication was configured to provide user identity.

A report of similar issue that was originally discovered in Postfix
MTA contains further technical details and discusses possible impact:
http://www.postfix.org/CVE-2011-0411.html

Users of pure-ftpd are advised to install this updated package which
contains a fix for the issue.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.postfix.org/CVE-2011-0411.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=683221"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/057170.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1de2f670"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected pure-ftpd package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pure-ftpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"pure-ftpd-1.0.30-1.fc14")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pure-ftpd");
}

11 Jan 2021 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 26.8

EPSS0.32222