Pure-FTPd: Multiple vulnerabilities — GLSA 201110-25

Multiple vulnerabilities were found in Pure-FTPd allowing attackers to inject FTP commands or cause a Denial of Service.

Affected Packages

net-ftp/pure-ftpd on all architectures
Affected versions < 1.0.32
Unaffected versions >= 1.0.32

Background

Pure-FTPd is a fast, production-quality and standards-compliant FTP server.

Description

Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details.

Impact

Remote unauthenticated attackers may be able to inject FTP commands or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All pure-ftpd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.32"
 

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 14, 2011. It is likely that your system is already no longer affected by this issue.

References

Release Date
October 26, 2011

Latest Revision
October 26, 2011: 1

Severity
normal

Exploitable
remote

Bugzilla entries