Pure-FTPd 1.0.22 and earlier contain a directory traversal vulnerability when the "Netware OES remote server" feature is enabled. It allows local users to overwrite arbitrary files on the system, potentially leading to unauthorized file modification or system compromise.
PoC code [public]
id: CVE-2011-3171

info:
  name: Pure-FTPd ≤ 1.0.22 - Directory Traversal
  author: pussycat0x
  severity: low
  description: |
    Pure-FTPd versions ≤ 1.0.22 (and earlier) contain a directory traversal vulnerability when the "Netware OES remote server" feature is enabled. This allows local users to overwrite arbitrary files on the system, potentially leading to unauthorized file modification or system compromise.
  reference:
    - http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html
    - http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/69686
  classification:
    cvss-metrics: CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:P
    cvss-score: 3.6
    cve-id: CVE-2011-3171
    cwe-id: CWE-22
    epss-score: 0.00026
    epss-percentile: 0.05772
    cpe: cpe:2.3:a:pureftpd:pure-ftpd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: pureftpd
    product: pure-ftpd
    shodan-query:
      - product:"pure-ftpd" version:"1.0.14"
      - cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
  tags: cve,cve2011,network,ftp,pure-ftpd,tcp,passive,lfi,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "compare_versions(version, '<= 1.0.22')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4b0a00483046022100ebef4a7e20b7ed485303a8c241e26bbe66e0944b8b4ad795a38827908d0d356b022100a352b6a6aaf1c192391d11f868c9ffdc5a9fd9dd545376ef8e8282fcfebcab26:922c64590222798bb761d5b6d8e72950
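The template above decides purely from the FTP greeting banner. The following is an added example, not part of the template or of the Pure-FTPd project: it applies the same extractor regex and version bound offline to banners already collected in an asset inventory. The function names and the sample banners are assumptions made for illustration. An `in-range` result only means the advertised version is at or below 1.0.22; the banner check does not test whether the "Netware OES remote server" feature is enabled, and a banner that omits the version cannot be classified at all.

```python
import re

# Same pattern as the template's extractor.
VERSION_RE = re.compile(r"Pure-FTPd ([0-9.]+)")
LAST_AFFECTED = (1, 0, 22)  # upper bound used by the template's matcher


def parse_version(text):
    """'1.0.22' -> (1, 0, 22). Empty fields are dropped, so a sentence-ending
    dot captured by the regex ('1.0.22.') does not break parsing."""
    return tuple(int(p) for p in text.split(".") if p)


def classify_banner(banner):
    """Return 'not-pure-ftpd', 'version-hidden', 'in-range' or 'out-of-range'."""
    if "Pure-FTPd" not in banner:
        return "not-pure-ftpd"
    match = VERSION_RE.search(banner)
    version = parse_version(match.group(1)) if match else ()
    if not version:
        # Banner names the product but not a version: nothing to compare.
        return "version-hidden"
    # Pad short versions so (1, 0) compares as (1, 0, 0).
    version += (0,) * (len(LAST_AFFECTED) - len(version))
    # Numeric tuple comparison: as strings, '1.0.9' would sort after '1.0.22'.
    return "in-range" if version <= LAST_AFFECTED else "out-of-range"


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------",
    "220 Pure-FTPd 1.0.9 ready",
    "220 Pure-FTPd 1.0.22.",
    "220 Pure-FTPd 1.0.36 ready",
    "220 (vsFTPd 3.0.3)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify_banner(line):15} {line}")
```

Hosts reported as `version-hidden` or `in-range` still need the installed package version and the server's build and configuration checked on the host itself before the finding is confirmed or closed.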