10 matches found
openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7480)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
FreeBSD Ports: pure-ftpd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SuSE 11.1 Security Update : pure-ftpd (SAT Patch Number 4360)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7466)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
CVE-2011-1575
Technical details about CVE-2011-1575 are not provided in the connected documents. The references mention a plaintext command injection pattern related to STARTTLS in other products (e.g., CVE-2011-0411). Monitor for updates for concrete specifics.
CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
FTP Service AUTH TLS Plaintext Command Injection
The remote FTP server contains a software flaw in its AUTH TLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker to...