id: CVE-2011-3171

info:
  name: Pure-FTPd ≤ 1.0.22 - Directory Traversal
  author: pussycat0x
  severity: low
  description: |
    Pure-FTPd versions 1.0.22 and earlier contain a directory traversal vulnerability when the "Netware OES remote server" feature is enabled. This allows local users to overwrite arbitrary files on the system, potentially leading to unauthorized file modification or system compromise.
  impact: |
    Local users can exploit directory traversal when the Netware OES remote server feature is enabled to overwrite arbitrary files on the system, potentially leading to privilege escalation or system compromise.
  remediation: |
    Update Pure-FTPd to a version newer than 1.0.22 that properly validates paths when the Netware OES remote server feature is enabled and prevents directory traversal attacks.
  reference:
    - http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html
    - http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/69686
  classification:
    cvss-metrics: CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:P
    cvss-score: 3.6
    cve-id: CVE-2011-3171
    cwe-id: CWE-22
    epss-score: 0.00011
    epss-percentile: 0.01544
    cpe: cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: pureftpd
    product: pure-ftpd
    shodan-query:
      - product:"pure-ftpd" version:"1.0.14"
      - cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
  tags: cve,cve2011,network,ftp,pure-ftpd,tcp,passive,lfi,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '<= 1.0.22')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4a0a0047304502200a0d39e8c8cf046ddef99acf40f3b7437e9d617eaf34164af8e74f1589caacad022100b49e232553bd6e16d61c6979171ffe74dbd6b8151aa379543e46ad23b5a810f4:922c64590222798bb761d5b6d8e72950