oss-sec mailing list archives

pure-ftpd STARTTLS command injection / new CVE?

From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 11 Apr 2011 15:26:21 +0200


Hi,

http://www.pureftpd.org/project/pure-ftpd/news

states that pure-ftpd is affected by the same STARTTLS
injection bug as postifx's CVE-2011-0411.

Is this CVE postfix-specific or can it be used for
pure-ftpd as well? If needed, can someone assign a new CVE?

thx,
Sebastian

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

pure-ftpd STARTTLS command injection / new CVE? Sebastian Krahmer (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)
  - Re: pure-ftpd STARTTLS command injection / new CVE? Steven M. Christey (Apr 11)
  - CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Jan Lieskovsky (May 17)
    - Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Josh Bressers (May 17)
- Re: pure-ftpd STARTTLS command injection / new CVE? Josh Bressers (Apr 11)