Security update for pure-ftpd (important)

2011-09-0823:08:14

lists.opensuse.org

EPSS

Percentile

5.1%

JSON

The OES Netware add-ons in pure-ftpd had a security problem
and some bugs, which are fixed by this update.

A local attacker could overwrite local files when the OES
remote server feature of pure-ftpd is enabled due to a
directory traversal. ( CVE-2011-3171)

Additionally the following bugs have been fixed:

bnc#699300 - FTP remote server navigation does not
always succeed
bnc#685447 - pure-ftpd does not throw an error when
the name resolution fails during remote server navigation
bnc#700335 - put files into NCP volumes fails
bnc#703035 - remote_server feature opens a
vulnerability with directory traversal & file overwriting

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server11.1i586pure-ftpd< 1.0.22-3.13.1pure-ftpd-1.0.22-3.13.1.i586.rpm
SUSE Linux Enterprise Server10.3ia64pure-ftpd< 1.0.22-0.26.1pure-ftpd-1.0.22-0.26.1.ia64.rpm
SUSE Linux Enterprise Server10.3s390xpure-ftpd< 1.0.22-0.26.1pure-ftpd-1.0.22-0.26.1.s390x.rpm
SUSE Linux Enterprise Server11.1x86_64pure-ftpd< 1.0.22-3.13.1pure-ftpd-1.0.22-3.13.1.x86_64.rpm
SUSE Linux Enterprise Desktop11.1i586pure-ftpd< 1.0.22-3.13.1pure-ftpd-1.0.22-3.13.1.i586.rpm
SUSE Linux Enterprise Server for VMware11.1i586pure-ftpd< 1.0.22-3.13.1pure-ftpd-1.0.22-3.13.1.i586.rpm
SUSE Linux Enterprise Desktop11.1x86_64pure-ftpd< 1.0.22-3.13.1pure-ftpd-1.0.22-3.13.1.x86_64.rpm
SUSE Linux Enterprise Server10.3ppcpure-ftpd< 1.0.22-0.26.1pure-ftpd-1.0.22-0.26.1.ppc.rpm
SUSE Linux Enterprise Server11.1s390xpure-ftpd< 1.0.22-3.13.1pure-ftpd-1.0.22-3.13.1.s390x.rpm
SUSE Linux Enterprise Server10.3x86_64pure-ftpd< 1.0.22-0.26.1pure-ftpd-1.0.22-0.26.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server	11.1	i586	pure-ftpd	< 1.0.22-3.13.1	pure-ftpd-1.0.22-3.13.1.i586.rpm
SUSE Linux Enterprise Server	10.3	ia64	pure-ftpd	< 1.0.22-0.26.1	pure-ftpd-1.0.22-0.26.1.ia64.rpm
SUSE Linux Enterprise Server	10.3	s390x	pure-ftpd	< 1.0.22-0.26.1	pure-ftpd-1.0.22-0.26.1.s390x.rpm
SUSE Linux Enterprise Server	11.1	x86_64	pure-ftpd	< 1.0.22-3.13.1	pure-ftpd-1.0.22-3.13.1.x86_64.rpm
SUSE Linux Enterprise Desktop	11.1	i586	pure-ftpd	< 1.0.22-3.13.1	pure-ftpd-1.0.22-3.13.1.i586.rpm
SUSE Linux Enterprise Server for VMware	11.1	i586	pure-ftpd	< 1.0.22-3.13.1	pure-ftpd-1.0.22-3.13.1.i586.rpm
SUSE Linux Enterprise Desktop	11.1	x86_64	pure-ftpd	< 1.0.22-3.13.1	pure-ftpd-1.0.22-3.13.1.x86_64.rpm
SUSE Linux Enterprise Server	10.3	ppc	pure-ftpd	< 1.0.22-0.26.1	pure-ftpd-1.0.22-0.26.1.ppc.rpm
SUSE Linux Enterprise Server	11.1	s390x	pure-ftpd	< 1.0.22-3.13.1	pure-ftpd-1.0.22-3.13.1.s390x.rpm
SUSE Linux Enterprise Server	10.3	x86_64	pure-ftpd	< 1.0.22-0.26.1	pure-ftpd-1.0.22-0.26.1.x86_64.rpm