ghsa-mqpg-5c3p-cx82
Vulnerability from github
Published: 2022-05-17 04:52
Modified: 2022-05-17 04:52
Details
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
{
  affected: [],
  aliases: [
    "CVE-2011-1575",
  ],
  database_specific: {
    cwe_ids: [],
    github_reviewed: false,
    github_reviewed_at: null,
    nvd_published_at: "2011-05-23T22:55:00Z",
    severity: "MODERATE",
  },
  details: "The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.",
  id: "GHSA-mqpg-5c3p-cx82",
  modified: "2022-05-17T04:52:35Z",
  published: "2022-05-17T04:52:35Z",
  references: [
    { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2011-1575", },
    { type: "WEB", url: "https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4", },
    { type: "WEB", url: "https://bugzilla.novell.com/show_bug.cgi?id=686590", },
    { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=683221", },
    { type: "WEB", url: "http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd", },
    { type: "WEB", url: "http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd", },
    { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html", },
    { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html", },
    { type: "WEB", url: "http://openwall.com/lists/oss-security/2011/04/11/14", },
    { type: "WEB", url: "http://openwall.com/lists/oss-security/2011/04/11/3", },
    { type: "WEB", url: "http://openwall.com/lists/oss-security/2011/04/11/7", },
    { type: "WEB", url: "http://openwall.com/lists/oss-security/2011/04/11/8", },
    { type: "WEB", url: "http://secunia.com/advisories/43988", },
    { type: "WEB", url: "http://secunia.com/advisories/44548", },
    { type: "WEB", url: "http://www.pureftpd.org/project/pure-ftpd/news", },
  ],
  schema_version: "1.4.0",
  severity: [],
}