oss-sec mailing list archives

Re: pure-ftpd STARTTLS command injection / new CVE?

From: "Mike O'Connor" <mjo () dojo mi org>
Date: Mon, 11 Apr 2011 13:19:17 -0400

:http://www.pureftpd.org/project/pure-ftpd/news
:
:states that pure-ftpd is affected by the same STARTTLS
:injection bug as postifx's CVE-2011-0411.
:
:Is this CVE postfix-specific or can it be used for
:pure-ftpd as well? If needed, can someone assign a new CVE?

It should get its own CVE assignment.  Other products with the
same STARTTLS issue have gotten unique CVE assignments for them
-- see CVE-2011-143[012].

-- 
 Michael J. O'Connor                                          mjo () dojo mi org
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"You can't destroy everything.  Where would you sit?"               -The Tick

Attachment: _bin
Description:

Current thread:

pure-ftpd STARTTLS command injection / new CVE? Sebastian Krahmer (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)
  - Re: pure-ftpd STARTTLS command injection / new CVE? Steven M. Christey (Apr 11)
  - CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Jan Lieskovsky (May 17)
    - Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Josh Bressers (May 17)
- Re: pure-ftpd STARTTLS command injection / new CVE? Josh Bressers (Apr 11)