CVE-2011-3171 Scanner

Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server. It is used widely in various distributions and platforms, providing robust features for file transfers and user authentication. Frequently utilized by hosting providers and developers, this software allows for versatile file sharing and hosting capabilities. With functionality to handle large amounts of data and numerous simultaneous connections, Pure-FTPd is a reliable choice for many enterprises and individual users. Through its integration with Netware OES systems, it offers additional services, which enhance its compatibility with other software products. The usability and configurability make it a preferred choice in environments needing secure yet flexible FTP solutions.

The vulnerability in Pure-FTPd version 1.0.22 arises from a directory traversal flaw. This issue occurs when the "Netware OES remote server" feature is enabled, which allows local users to navigate out of the intended directory structure. Such vulnerabilities enable unauthorized file overwriting, posing risks to file integrity. The flaw's exploitation may compromise critical data or system configurations, leading to further security breaches. Potential attackers could exploit this vulnerability to modify files on the server without proper authorization. Addressing this vulnerability involves recognizing its presence and implementing a patch or workaround to secure FTP communications.

The technical details of this vulnerability involve manipulating file paths in requests to the Pure-FTPd server, particularly when leveraging the Netware OES feature. The vulnerable component is unable to adequately sanitize input paths, thereby allowing users to escape defined directories. The flawed logic in path validation enables traversal attacks, which are executed using sequences like "../" that lead traversals upwards in the directory tree. Such flaws are particularly dangerous as they rely on seemingly innocuous interactions to achieve significant unauthorized access or changes. Users running affected versions need to evaluate their FTP configurations carefully to understand potential exposures.

When exploited, this directory traversal vulnerability can lead to unauthorized modification of files, potentially altering system or application behavior. The breach of file integrity might enable additional exploits, disrupt server operations, or allow for data corruption. The risks include loss of data confidentiality, integrity, and availability if high-value files are overwritten or deleted. The server and its data can become susceptible to subsequent attacks due to weakened defenses. Consequently, affected systems could experience downtime, reputation damage, or financial loss if their services are disrupted or data is exposed.

REFERENCES

• http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69686