Vulnerability CVE-2011-3171


Published: 2011-11-04   Modified: 2012-02-13

Description:
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Pureftpd -> Pure-ftpd 

 References:
http://xforce.iss.net/xforce/xfdb/69686
http://www.securityfocus.com/bid/49541
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html

Copyright 2020, cxsecurity.com

 

Back to Top