CVE-2011-0418

UNRATED

Description

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

Affected products

NetBSD / netbsd5.1 – 5.1
pureftpd / pure-ftpd0.90 – 0.90
pureftpd / pure-ftpd0.91 – 0.91
pureftpd / pure-ftpd0.92 – 0.92
pureftpd / pure-ftpd0.93 – 0.93
pureftpd / pure-ftpd0.94 – 0.94
pureftpd / pure-ftpd0.95 – 0.95
pureftpd / pure-ftpd0.95-pre1 – 0.95-pre1
pureftpd / pure-ftpd0.95-pre2 – 0.95-pre2
pureftpd / pure-ftpd0.95-pre3 – 0.95-pre3
pureftpd / pure-ftpd0.95-pre4 – 0.95-pre4
pureftpd / pure-ftpd0.95.1 – 0.95.1
pureftpd / pure-ftpd0.95.2 – 0.95.2
pureftpd / pure-ftpd0.96 – 0.96
pureftpd / pure-ftpd0.96.1 – 0.96.1
pureftpd / pure-ftpd0.96pre1 – 0.96pre1
pureftpd / pure-ftpd0.97-final – 0.97-final
pureftpd / pure-ftpd0.97.1 – 0.97.1
pureftpd / pure-ftpd0.97.2 – 0.97.2
pureftpd / pure-ftpd0.97.3 – 0.97.3
pureftpd / pure-ftpd0.97.4 – 0.97.4
pureftpd / pure-ftpd0.97.5 – 0.97.5
pureftpd / pure-ftpd0.97.6 – 0.97.6
pureftpd / pure-ftpd0.97.7 – 0.97.7
pureftpd / pure-ftpd0.97.7pre1 – 0.97.7pre1
pureftpd / pure-ftpd0.97.7pre2 – 0.97.7pre2
pureftpd / pure-ftpd0.97.7pre3 – 0.97.7pre3
pureftpd / pure-ftpd0.97pre1 – 0.97pre1
pureftpd / pure-ftpd0.97pre2 – 0.97pre2
pureftpd / pure-ftpd0.97pre3 – 0.97pre3
pureftpd / pure-ftpd0.97pre4 – 0.97pre4
pureftpd / pure-ftpd0.97pre5 – 0.97pre5
pureftpd / pure-ftpd0.98-final – 0.98-final
pureftpd / pure-ftpd0.98.1 – 0.98.1
pureftpd / pure-ftpd0.98.2 – 0.98.2
pureftpd / pure-ftpd0.98.2a – 0.98.2a
pureftpd / pure-ftpd0.98.3 – 0.98.3
pureftpd / pure-ftpd0.98.4 – 0.98.4
pureftpd / pure-ftpd0.98.5 – 0.98.5
pureftpd / pure-ftpd0.98.6 – 0.98.6
pureftpd / pure-ftpd0.98.7 – 0.98.7
pureftpd / pure-ftpd0.98pre1 – 0.98pre1
pureftpd / pure-ftpd0.98pre2 – 0.98pre2
pureftpd / pure-ftpd0.99 – 0.99
pureftpd / pure-ftpd0.99.1 – 0.99.1
pureftpd / pure-ftpd0.99.1a – 0.99.1a
pureftpd / pure-ftpd0.99.1b – 0.99.1b
pureftpd / pure-ftpd0.99.2 – 0.99.2
pureftpd / pure-ftpd0.99.2a – 0.99.2a
pureftpd / pure-ftpd0.99.3 – 0.99.3
pureftpd / pure-ftpd0.99.4 – 0.99.4
pureftpd / pure-ftpd0.99.9 – 0.99.9
pureftpd / pure-ftpd0.99a – 0.99a
pureftpd / pure-ftpd0.99b – 0.99b
pureftpd / pure-ftpd0.99pre1 – 0.99pre1
pureftpd / pure-ftpd0.99pre2 – 0.99pre2
pureftpd / pure-ftpd1.0.0 – 1.0.0
pureftpd / pure-ftpd1.0.1 – 1.0.1
pureftpd / pure-ftpd1.0.2 – 1.0.2
pureftpd / pure-ftpd1.0.3 – 1.0.3
pureftpd / pure-ftpd1.0.4 – 1.0.4
pureftpd / pure-ftpd1.0.5 – 1.0.5
pureftpd / pure-ftpd1.0.6 – 1.0.6
pureftpd / pure-ftpd1.0.7 – 1.0.7
pureftpd / pure-ftpd1.0.8 – 1.0.8
pureftpd / pure-ftpd1.0.9 – 1.0.9
pureftpd / pure-ftpd1.0.10 – 1.0.10
pureftpd / pure-ftpd1.0.11 – 1.0.11
pureftpd / pure-ftpd1.0.12 – 1.0.12
pureftpd / pure-ftpd1.0.13a – 1.0.13a
pureftpd / pure-ftpd1.0.14 – 1.0.14
pureftpd / pure-ftpd1.0.15 – 1.0.15
pureftpd / pure-ftpd1.0.16a – 1.0.16a
pureftpd / pure-ftpd1.0.16b – 1.0.16b
pureftpd / pure-ftpd1.0.16c – 1.0.16c
pureftpd / pure-ftpd1.0.17 – 1.0.17
pureftpd / pure-ftpd1.0.17a – 1.0.17a
pureftpd / pure-ftpd1.0.18 – 1.0.18
pureftpd / pure-ftpd1.0.31
pureftpd / pure-ftpd1.0.20 – 1.0.20
pureftpd / pure-ftpd1.0.21 – 1.0.21
pureftpd / pure-ftpd1.0.22 – 1.0.22
pureftpd / pure-ftpd1.0.24 – 1.0.24
pureftpd / pure-ftpd1.0.25 – 1.0.25
pureftpd / pure-ftpd1.0.26 – 1.0.26
pureftpd / pure-ftpd1.0.27 – 1.0.27
pureftpd / pure-ftpd1.0.28 – 1.0.28
pureftpd / pure-ftpd1.0.29 – 1.0.29
pureftpd / pure-ftpd1.0.30 – 1.0.30
pureftpd / pure-ftpd1.0.19 – 1.0.19

CVE-2011-0418

Description

Affected products

References