FTP : Pure-FTPd <= 1.0.49 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.143322

Categoría: FTP

Título: Pure-FTPd <= 1.0.49 Multiple Vulnerabilities

Resumen: Pure-FTPd is prone to multiple vulnerabilities.

Descripción: Summary:
Pure-FTPd is prone to multiple vulnerabilities.

Vulnerability Insight:
Pure-FTPd is prone to multiple vulnerabilities:

- Stack exhaustion issue in the listdir function in ls.c (CVE-2019-20176)

- Uninitialized pointer vulnerability in the diraliases linked list (CVE-2020-9274)

- Insufficient length check in pure_strcmp()

- Out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c (CVE-2020-9365)

Affected Software/OS:
Pure-FTPd version 1.0.49 and probably prior.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-20176
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Common Vulnerability Exposure (CVE) ID: CVE-2020-9274
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
https://security.gentoo.org/glsa/202003-54
https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
https://www.pureftpd.org/project/pure-ftpd/news/
https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html
https://usn.ubuntu.com/4515-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-9365
https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.143322
Categoría:	FTP
Título:	Pure-FTPd <= 1.0.49 Multiple Vulnerabilities
Resumen:	Pure-FTPd is prone to multiple vulnerabilities.
Descripción:	Summary: Pure-FTPd is prone to multiple vulnerabilities. Vulnerability Insight: Pure-FTPd is prone to multiple vulnerabilities: - Stack exhaustion issue in the listdir function in ls.c (CVE-2019-20176) - Uninitialized pointer vulnerability in the diraliases linked list (CVE-2020-9274) - Insufficient length check in pure_strcmp() - Out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c (CVE-2020-9365) Affected Software/OS: Pure-FTPd version 1.0.49 and probably prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20176 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/ https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 Common Vulnerability Exposure (CVE) ID: CVE-2020-9274 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/ https://security.gentoo.org/glsa/202003-54 https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa https://www.pureftpd.org/project/pure-ftpd/news/ https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html https://usn.ubuntu.com/4515-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-9365 https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da
Copyright	Copyright (C) 2020 Greenbone Networks GmbH