Vulnerability Details : CVE-2011-1575
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Products affected by CVE-2011-1575
- cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99b:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*
Threat overview for CVE-2011-1575
Top countries where our scanners detected CVE-2011-1575
Top open port discovered on systems with this issue
21
IPs affected by CVE-2011-1575 2,301
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-1575!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-1575
82.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1575
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2011-1575
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1575
-
https://bugzilla.redhat.com/show_bug.cgi?id=683221
683221 – (CVE-2011-1575) CVE-2011-1575 pure-ftpd: command injection during plaintext to TLS session switch
-
https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4
Flush the command buffer after switching to TLS. · jedisct1/pure-ftpd@65c4d4a · GitHubPatch
-
https://bugzilla.novell.com/show_bug.cgi?id=686590
Bug 686590 – VUL-0: CVE-2011-1575: new pure-ftpd version fix STARTTLS issues similar to CVE-2011-0411Patch
-
http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd
-
http://openwall.com/lists/oss-security/2011/04/11/3
oss-security - pure-ftpd STARTTLS command injection / new CVE?
-
http://www.pureftpd.org/project/pure-ftpd/news
Latest news :: Pure-FTPd
-
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:009
-
http://openwall.com/lists/oss-security/2011/04/11/7
oss-security - Re: pure-ftpd STARTTLS command injection / new CVE?
-
http://openwall.com/lists/oss-security/2011/04/11/14
oss-security - Re: pure-ftpd STARTTLS command injection / new CVE?
-
http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd
Patch
-
http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html
openSUSE-SU-2011:0483-1 (moderate): New pure-ftpd version fix STARTTLS i
-
http://openwall.com/lists/oss-security/2011/04/11/8
oss-security - Re: pure-ftpd STARTTLS command injection / new CVE?
Jump to