oss-sec mailing list archives
pure-ftpd STARTTLS command injection / new CVE?
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 11 Apr 2011 15:26:21 +0200
Hi, http://www.pureftpd.org/project/pure-ftpd/news states that pure-ftpd is affected by the same STARTTLS injection bug as postifx's CVE-2011-0411. Is this CVE postfix-specific or can it be used for pure-ftpd as well? If needed, can someone assign a new CVE? thx, Sebastian -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- pure-ftpd STARTTLS command injection / new CVE? Sebastian Krahmer (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Steven M. Christey (Apr 11)
- CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Jan Lieskovsky (May 17)
- Re: pure-ftpd STARTTLS command injection / new CVE? Josh Bressers (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)