Command injection

2011-05-2423:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

CPENameOperatorVersion
netbsdeq5.1
pure-ftpdeq0.97.0-final
pure-ftpdeq1.0.19
pure-ftpdeq1.0.10
pure-ftpdeq0.97.0-pre1
pure-ftpdeq0.98.0-final
pure-ftpdeq0.95
pure-ftpdeq0.97.0-pre4
pure-ftpdeq0.98.297
pure-ftpdeq1.0.6

Name	Operator	Version
netbsd	eq	5.1
pure-ftpd	eq	0.97.0-final
pure-ftpd	eq	1.0.19
pure-ftpd	eq	1.0.10
pure-ftpd	eq	0.97.0-pre1
pure-ftpd	eq	0.98.0-final
pure-ftpd	eq	0.95
pure-ftpd	eq	0.97.0-pre4
pure-ftpd	eq	0.98.297
pure-ftpd	eq	1.0.6