PT-2011-1084 · Pure Ftpd · Pure-Ftpd

Published

2011-11-04

Updated

2017-08-29

CVE-2011-3171

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions pure-FTPd version 1.0.22 pure-FTPd (affected versions not specified, possibly other versions)

Description The issue allows local users to overwrite arbitrary files via unknown vectors when the Netware OES remote server feature is enabled. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed locally.

Recommendations For pure-FTPd version 1.0.22, consider disabling the Netware OES remote server feature until a patch is available. For other possibly affected versions of pure-FTPd, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2015-04621

CVE-2011-3171

Affected Products

Pure-Ftpd

PT-2011-1084 · Pure Ftpd · Pure-Ftpd

CVE-2011-3171

Weakness Enumeration

Related Identifiers

Affected Products

References · 6