Vulnerabilities > CVE-2011-1575 - Resource Management Errors vulnerability in Pureftpd Pure-Ftpd

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
pureftpd
CWE-399
nessus

Summary

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Vulnerable Configurations

Part Description Count
Application
Pureftpd
116

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_PURE-FTPD-110412.NASL
    descriptionPure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id76000
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76000
    titleopenSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update pure-ftpd-4353.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76000);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0411", "CVE-2011-1575");
    
      script_name(english:"openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)");
      script_summary(english:"Check for the pure-ftpd-4353 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-ftpd is vulnerable to the STARTTLS command injection issue
    similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned
    to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=686590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pure-ftpd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pure-ftpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pure-ftpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pure-ftpd-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"pure-ftpd-1.0.29-8.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"pure-ftpd-debuginfo-1.0.29-8.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"pure-ftpd-debugsource-1.0.29-8.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pure-ftpd / pure-ftpd-debuginfo / pure-ftpd-debugsource");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PURE-FTPD-7466.NASL
    descriptionPure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id54830
    published2011-05-26
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54830
    titleSuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7466)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(54830);
      script_version ("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-0411", "CVE-2011-1575");
    
      script_name(english:"SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7466)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-ftpd is vulnerable to the STARTTLS command injection issue
    similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned
    to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0411.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1575.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7466.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:3, reference:"pure-ftpd-1.0.22-0.20.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyFTP
    NASL idFTP_STARTTLS_PLAINTEXT_INJECTION.NASL
    descriptionThe remote FTP server contains a software flaw in its AUTH TLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker to modify files on the FTP server and reveal a user
    last seen2020-06-01
    modified2020-06-02
    plugin id53847
    published2011-05-09
    reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53847
    titleFTP Service AUTH TLS Plaintext Command Injection
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (NASL_LEVEL < 4000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(53847);
      script_version("1.14");
      script_cvs_date("Date: 2018/11/15 20:50:22");
    
      script_cve_id("CVE-2011-1575");
      script_bugtraq_id(46767);
      script_xref(name:"CERT", value:"555316");
    
      script_name(english:"FTP Service AUTH TLS Plaintext Command Injection");
      script_summary(english:"Tries to inject a command along with AUTH TLS");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote FTP server allows plaintext command injection while
    negotiating an encrypted communications channel."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote FTP server contains a software flaw in its AUTH TLS
    implementation that could allow a remote, unauthenticated attacker to
    inject commands during the plaintext protocol phase that will be
    executed during the ciphertext protocol phase. 
    
    Successful exploitation could permit an attacker to modify files on
    the FTP server and reveal a user's credentials."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://tools.ietf.org/html/rfc4217"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.securityfocus.com/archive/1/516901/30/0/threaded"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Contact the vendor to see if an update is available."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-1575");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/09");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
    
      script_end_attributes();
    
      script_category(ACT_ATTACK);
      script_family(english:"FTP");
    
      script_copyright(english: "This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ftp_starttls.nasl");
      script_require_ports("Services/ftp", 21);
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("ftp_func.inc");
    
    
    port = get_service(svc:"ftp", default:21, exit_on_fail:TRUE);
    if (!get_kb_item("ftp/"+port+"/starttls"))
    {
      if (get_kb_item("ftp/"+port+"/starttls_tested"))
        exit(0, "The FTP server on port "+port+" does not support AUTH TLS.");
    
      encaps = get_kb_item("Transports/TCP/"+port);
      if (encaps && encaps > ENCAPS_IP)
        exit(0, "The FTP server on port "+port+" always encrypts traffic.");
    }
    
    
    soc = open_sock_tcp(port);
    if (!soc) exit(1, "Can't open socket on port "+port+".");
    
    ftp_debug(str:"custom");
    s = ftp_recv_line(socket:soc);
    if (!strlen(s))
    {
      close(soc);
      exit(1, "Failed to receive a banner from the FTP server on port "+port+".");
    }
    
    
    # Send the exploit.
    c = 'AUTH TLS\r\nFEAT\r\n';
    send(socket:soc, data:c);
    s1 = ftp_recv_line(socket:soc);
    if (strlen(s1)) s1 = chomp(s1);
    
    if (strlen(s1) < 4)
    {
      ftp_close(socket:soc);
    
      if (strlen(s1)) errmsg = "The FTP server on port "+port+" sent an invalid response (" + s1 + ").";
      else errmsg = "The FTP server on port "+port+" failed to respond to a 'AUTH TLS' command.";
      exit(1, errmsg);
    }
    if (substr(s1, 0, 2) != "234") exit(1, "The FTP server on port "+port+" did not accept the command (" + s1 + ").");
    
    # nb: finally, we need to make sure the second command worked.
    soc = socket_negotiate_ssl(socket:soc, transport:ENCAPS_TLSv1);
    if (!soc) exit(1, "Failed to negotiate a TLS connection with the FTP server on port "+port+".");
    s2 = ftp_recv_line(socket:soc);
    if (strlen(s2)) s2 = chomp(s2);
    
    ftp_close(socket:soc);
    
    if (strlen(s2) == 0) exit(0, "The FTP server on port "+port+" does not appear to be affected.");
    else
    {
      if (strlen(s2) >= 3 && substr(s2, 0, 2) == "211")
      {
        if (report_verbosity > 0)
        {
          report =
            '\n' + 'Nessus sent the following two commands in a single packet :' +
            '\n' +
            '\n' + '  ' + str_replace(find:'\r\n', replace:'\\r\\n', string:c) +
            '\n' +
            '\n' + 'And the server sent the following two responses :' +
            '\n' +
            '\n' + '  ' + s1 +
            '\n' + '  ' + s2 + '\n';
          security_warning(port:port, extra:report);
        }
        else security_warning(port);
        exit(0);
      }
      else exit(0, "The FTP server on port "+port+" does not appear to be affected as it responded '" + s2 + "'.");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_PURE-FTPD-110412.NASL
    descriptionPure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id75716
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75716
    titleopenSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update pure-ftpd-4353.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75716);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2011-0411", "CVE-2011-1575");
    
      script_name(english:"openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)");
      script_summary(english:"Check for the pure-ftpd-4353 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-ftpd is vulnerable to the STARTTLS command injection issue
    similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned
    to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=686590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pure-ftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pure-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"pure-ftpd-1.0.29-2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pure-ftpd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_PURE-FTPD-110412.NASL
    descriptionPure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id54828
    published2011-05-26
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54828
    titleSuSE 11.1 Security Update : pure-ftpd (SAT Patch Number 4360)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(54828);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-0411", "CVE-2011-1575");
    
      script_name(english:"SuSE 11.1 Security Update : pure-ftpd (SAT Patch Number 4360)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-ftpd is vulnerable to the STARTTLS command injection issue
    similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned
    to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=686590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0411.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1575.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4360.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:pure-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"pure-ftpd-1.0.22-3.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"pure-ftpd-1.0.22-3.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"pure-ftpd-1.0.22-3.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-25.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-25 (Pure-FTPd: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact : Remote unauthenticated attackers may be able to inject FTP commands or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56659
    published2011-10-27
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56659
    titleGLSA-201110-25 : Pure-FTPd: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201110-25.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56659);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2011-0418", "CVE-2011-1575");
      script_bugtraq_id(46767, 47671);
      script_xref(name:"GLSA", value:"201110-25");
    
      script_name(english:"GLSA-201110-25 : Pure-FTPd: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201110-25
    (Pure-FTPd: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Pure-FTPd. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        Remote unauthenticated attackers may be able to inject FTP commands or
          cause a Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201110-25"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All pure-ftpd users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-ftp/pure-ftpd-1.0.32'
        NOTE: This is a legacy GLSA. Updates for all affected architectures are
          available since May 14, 2011. It is likely that your system is already no
          longer affected by this issue."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pure-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-ftp/pure-ftpd", unaffected:make_list("ge 1.0.32"), vulnerable:make_list("lt 1.0.32"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Pure-FTPd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PURE-FTPD-7480.NASL
    descriptionPure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id57246
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57246
    titleSuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7480)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57246);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-0411", "CVE-2011-1575");
    
      script_name(english:"SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7480)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-ftpd is vulnerable to the STARTTLS command injection issue
    similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned
    to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0411.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1575.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7480.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"pure-ftpd-1.0.22-0.20.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"pure-ftpd-1.0.22-0.20.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_PURE-FTPD-110412.NASL
    descriptionPure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id53888
    published2011-05-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53888
    titleopenSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update pure-ftpd-4353.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53888);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2011-0411", "CVE-2011-1575");
    
      script_name(english:"openSUSE Security Update : pure-ftpd (openSUSE-SU-2011:0483-1)");
      script_summary(english:"Check for the pure-ftpd-4353 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-ftpd is vulnerable to the STARTTLS command injection issue
    similar to CVE-2011-0411 of postfix. CVE-2011-1575 has been assigned
    to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=686590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected pure-ftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pure-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"pure-ftpd-1.0.22-3.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pure-ftpd");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1495F931852211E0A1C100215C6A37BB.NASL
    descriptionPure-FTPd development team reports : Support for braces expansion in directory listings has been disabled -- Cf. CVE-2011-0418. Fix a STARTTLS flaw similar to Postfix
    last seen2020-06-01
    modified2020-06-02
    plugin id54620
    published2011-05-24
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/54620
    titleFreeBSD : pureftpd -- multiple vulnerabilities (1495f931-8522-11e0-a1c1-00215c6a37bb)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(54620);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:40");
    
      script_cve_id("CVE-2011-0418", "CVE-2011-1575");
      script_bugtraq_id(46767);
    
      script_name(english:"FreeBSD : pureftpd -- multiple vulnerabilities (1495f931-8522-11e0-a1c1-00215c6a37bb)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Pure-FTPd development team reports :
    
    Support for braces expansion in directory listings has been disabled
    -- Cf. CVE-2011-0418.
    
    Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411. If you're
    using TLS, upgrading is recommended."
      );
      # https://vuxml.freebsd.org/freebsd/1495f931-8522-11e0-a1c1-00215c6a37bb.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5be3971b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pure-ftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"pure-ftpd<1.0.32")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");