The STARTTLS implementation in ftp_parser.c in Pure-FTPd prior to 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pureftpd pure-ftpd 1.0.16a |
||
pureftpd pure-ftpd 1.0.14 |
||
pureftpd pure-ftpd 1.0.15 |
||
pureftpd pure-ftpd 1.0.20 |
||
pureftpd pure-ftpd 1.0.21 |
||
pureftpd pure-ftpd 1.0.10 |
||
pureftpd pure-ftpd 1.0.9 |
||
pureftpd pure-ftpd 1.0.2 |
||
pureftpd pure-ftpd 1.0.1 |
||
pureftpd pure-ftpd 0.99.1a |
||
pureftpd pure-ftpd 0.99.1 |
||
pureftpd pure-ftpd 0.98.6 |
||
pureftpd pure-ftpd 0.98.5 |
||
pureftpd pure-ftpd 0.98pre2 |
||
pureftpd pure-ftpd 0.98pre1 |
||
pureftpd pure-ftpd 0.97.3 |
||
pureftpd pure-ftpd 0.97.2 |
||
pureftpd pure-ftpd 0.97pre1 |
||
pureftpd pure-ftpd 0.96.1 |
||
pureftpd pure-ftpd 0.95-pre3 |
||
pureftpd pure-ftpd 0.95-pre2 |
||
pureftpd pure-ftpd 0.95-pre1 |
||
pureftpd pure-ftpd 1.0.12 |
||
pureftpd pure-ftpd 1.0.13a |
||
pureftpd pure-ftpd 1.0.18 |
||
pureftpd pure-ftpd 1.0.19 |
||
pureftpd pure-ftpd 1.0.28 |
||
pureftpd pure-ftpd |
||
pureftpd pure-ftpd 1.0.4 |
||
pureftpd pure-ftpd 1.0.3 |
||
pureftpd pure-ftpd 0.99.2 |
||
pureftpd pure-ftpd 0.99.1b |
||
pureftpd pure-ftpd 0.99pre1 |
||
pureftpd pure-ftpd 0.98.7 |
||
pureftpd pure-ftpd 0.98.1 |
||
pureftpd pure-ftpd 0.98-final |
||
pureftpd pure-ftpd 0.97.5 |
||
pureftpd pure-ftpd 0.97.4 |
||
pureftpd pure-ftpd 0.97pre3 |
||
pureftpd pure-ftpd 0.97pre2 |
||
pureftpd pure-ftpd 0.95 |
||
pureftpd pure-ftpd 0.95-pre4 |
||
pureftpd pure-ftpd 0.90 |
||
pureftpd pure-ftpd 1.0.16b |
||
pureftpd pure-ftpd 1.0.24 |
||
pureftpd pure-ftpd 1.0.25 |
||
pureftpd pure-ftpd 1.0.8 |
||
pureftpd pure-ftpd 1.0.7 |
||
pureftpd pure-ftpd 1.0.0 |
||
pureftpd pure-ftpd 0.99.9 |
||
pureftpd pure-ftpd 0.99.4 |
||
pureftpd pure-ftpd 0.99b |
||
pureftpd pure-ftpd 0.99a |
||
pureftpd pure-ftpd 0.98.4 |
||
pureftpd pure-ftpd 0.98.3 |
||
pureftpd pure-ftpd 0.97.7 |
||
pureftpd pure-ftpd 0.97.7pre3 |
||
pureftpd pure-ftpd 0.97.7pre2 |
||
pureftpd pure-ftpd 0.97.1 |
||
pureftpd pure-ftpd 0.97-final |
||
pureftpd pure-ftpd 0.96 |
||
pureftpd pure-ftpd 0.96pre1 |
||
pureftpd pure-ftpd 0.94 |
||
pureftpd pure-ftpd 0.93 |
||
pureftpd pure-ftpd 1.0.22 |
||
pureftpd pure-ftpd 1.0.11 |
||
pureftpd pure-ftpd 1.0.16c |
||
pureftpd pure-ftpd 1.0.17 |
||
pureftpd pure-ftpd 1.0.17a |
||
pureftpd pure-ftpd 1.0.26 |
||
pureftpd pure-ftpd 1.0.27 |
||
pureftpd pure-ftpd 1.0.6 |
||
pureftpd pure-ftpd 1.0.5 |
||
pureftpd pure-ftpd 0.99.3 |
||
pureftpd pure-ftpd 0.99.2a |
||
pureftpd pure-ftpd 0.99 |
||
pureftpd pure-ftpd 0.99pre2 |
||
pureftpd pure-ftpd 0.98.2a |
||
pureftpd pure-ftpd 0.98.2 |
||
pureftpd pure-ftpd 0.97.7pre1 |
||
pureftpd pure-ftpd 0.97.6 |
||
pureftpd pure-ftpd 0.97pre5 |
||
pureftpd pure-ftpd 0.97pre4 |
||
pureftpd pure-ftpd 0.95.2 |
||
pureftpd pure-ftpd 0.95.1 |
||
pureftpd pure-ftpd 0.92 |
||
pureftpd pure-ftpd 0.91 |