oss-sec mailing list archives
Re: pure-ftpd STARTTLS command injection / new CVE?
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Mon, 11 Apr 2011 13:19:17 -0400
:http://www.pureftpd.org/project/pure-ftpd/news : :states that pure-ftpd is affected by the same STARTTLS :injection bug as postifx's CVE-2011-0411. : :Is this CVE postfix-specific or can it be used for :pure-ftpd as well? If needed, can someone assign a new CVE? It should get its own CVE assignment. Other products with the same STARTTLS issue have gotten unique CVE assignments for them -- see CVE-2011-143[012]. -- Michael J. O'Connor mjo () dojo mi org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "You can't destroy everything. Where would you sit?" -The Tick
Attachment:
_bin
Description:
Current thread:
- pure-ftpd STARTTLS command injection / new CVE? Sebastian Krahmer (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Steven M. Christey (Apr 11)
- CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Jan Lieskovsky (May 17)
- Re: pure-ftpd STARTTLS command injection / new CVE? Josh Bressers (Apr 11)
- Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)