Unrated severityNVD Advisory· Published May 23, 2011· Updated Apr 29, 2026
CVE-2011-1575
CVE-2011-1575
Description
The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Affected products
87cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*+ 86 more
- cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*range: <=1.0.29
- cpe:2.3:a:pureftpd:pure-ftpd:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99b:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:*:*:*:*:*:*:*
Patches
165c4d4ad331eFlush the command buffer after switching to TLS.
1 file changed · +9 −2
src/ftp_parser.c+9 −2 modified@@ -57,14 +57,20 @@ static void randomdelay(void) * -Frank. */ +static size_t scanned; +static size_t readnbd; + +static void flush_cmd(void) +{ + scanned = readnbd = (size_t) 0U; +} + int sfgets(void) { struct pollfd pfd; int pollret; ssize_t readnb; signed char seen_r = 0; - static size_t scanned; - static size_t readnbd; if (scanned > (size_t) 0U) { /* support pipelining */ readnbd -= scanned; @@ -362,6 +368,7 @@ void parser(void) addreply_noformat(234, "AUTH TLS OK."); doreply(); if (tls_cnx == NULL) { + flush_cmd(); (void) tls_init_new_session(); } goto wayout;
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
14- archives.pureftpd.org/archives.cginvdPatch
- bugzilla.novell.com/show_bug.cginvdPatch
- github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4nvdPatch
- secunia.com/advisories/43988nvdVendor Advisory
- archives.pureftpd.org/archives.cginvd
- lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlnvd
- lists.opensuse.org/opensuse-updates/2011-05/msg00029.htmlnvd
- openwall.com/lists/oss-security/2011/04/11/14nvd
- openwall.com/lists/oss-security/2011/04/11/3nvd
- openwall.com/lists/oss-security/2011/04/11/7nvd
- openwall.com/lists/oss-security/2011/04/11/8nvd
- secunia.com/advisories/44548nvd
- www.pureftpd.org/project/pure-ftpd/newsnvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.