CVE-2011-0418: Input Validation

First published: Thu May 12 2011(Updated: )

Multiple libc/glob(3) flaws were reported [1] that affect various *BSD libc implementations. In particular, globs containing braces could lead to resource exhaustion. One such vulnerable application is Pure-FTPd. This has been corrected in upstream version 1.0.32, where support for braces expansion in directory listings was disabled. [1] <a href="http://securityreason.com/achievement_securityalert/97">http://securityreason.com/achievement_securityalert/97</a> [2] <a href="http://www.pureftpd.org/project/pure-ftpd/news">http://www.pureftpd.org/project/pure-ftpd/news</a>

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Pureftpd Pure-ftpd	<=1.0.31
Pureftpd Pure-ftpd	=0.90
Pureftpd Pure-ftpd	=0.91
Pureftpd Pure-ftpd	=0.92
Pureftpd Pure-ftpd	=0.93
Pureftpd Pure-ftpd	=0.94
Pureftpd Pure-ftpd	=0.95
Pureftpd Pure-ftpd	=0.95-pre1
Pureftpd Pure-ftpd	=0.95-pre2
Pureftpd Pure-ftpd	=0.95-pre3
Pureftpd Pure-ftpd	=0.95-pre4
Pureftpd Pure-ftpd	=0.95.1
Pureftpd Pure-ftpd	=0.95.2
Pureftpd Pure-ftpd	=0.96
Pureftpd Pure-ftpd	=0.96.1
Pureftpd Pure-ftpd	=0.96pre1
Pureftpd Pure-ftpd	=0.97-final
Pureftpd Pure-ftpd	=0.97.1
Pureftpd Pure-ftpd	=0.97.2
Pureftpd Pure-ftpd	=0.97.3
Pureftpd Pure-ftpd	=0.97.4
Pureftpd Pure-ftpd	=0.97.5
Pureftpd Pure-ftpd	=0.97.6
Pureftpd Pure-ftpd	=0.97.7
Pureftpd Pure-ftpd	=0.97.7pre1
Pureftpd Pure-ftpd	=0.97.7pre2
Pureftpd Pure-ftpd	=0.97.7pre3
Pureftpd Pure-ftpd	=0.97pre1
Pureftpd Pure-ftpd	=0.97pre2
Pureftpd Pure-ftpd	=0.97pre3
Pureftpd Pure-ftpd	=0.97pre4
Pureftpd Pure-ftpd	=0.97pre5
Pureftpd Pure-ftpd	=0.98-final
Pureftpd Pure-ftpd	=0.98.1
Pureftpd Pure-ftpd	=0.98.2
Pureftpd Pure-ftpd	=0.98.2a
Pureftpd Pure-ftpd	=0.98.3
Pureftpd Pure-ftpd	=0.98.4
Pureftpd Pure-ftpd	=0.98.5
Pureftpd Pure-ftpd	=0.98.6
Pureftpd Pure-ftpd	=0.98.7
Pureftpd Pure-ftpd	=0.98pre1
Pureftpd Pure-ftpd	=0.98pre2
Pureftpd Pure-ftpd	=0.99
Pureftpd Pure-ftpd	=0.99.1
Pureftpd Pure-ftpd	=0.99.1a
Pureftpd Pure-ftpd	=0.99.1b
Pureftpd Pure-ftpd	=0.99.2
Pureftpd Pure-ftpd	=0.99.2a
Pureftpd Pure-ftpd	=0.99.3
Pureftpd Pure-ftpd	=0.99.4
Pureftpd Pure-ftpd	=0.99.9
Pureftpd Pure-ftpd	=0.99a
Pureftpd Pure-ftpd	=0.99b
Pureftpd Pure-ftpd	=0.99pre1
Pureftpd Pure-ftpd	=0.99pre2
Pureftpd Pure-ftpd	=1.0.0
Pureftpd Pure-ftpd	=1.0.1
Pureftpd Pure-ftpd	=1.0.2
Pureftpd Pure-ftpd	=1.0.3
Pureftpd Pure-ftpd	=1.0.4
Pureftpd Pure-ftpd	=1.0.5
Pureftpd Pure-ftpd	=1.0.6
Pureftpd Pure-ftpd	=1.0.7
Pureftpd Pure-ftpd	=1.0.8
Pureftpd Pure-ftpd	=1.0.9
Pureftpd Pure-ftpd	=1.0.10
Pureftpd Pure-ftpd	=1.0.11
Pureftpd Pure-ftpd	=1.0.12
Pureftpd Pure-ftpd	=1.0.13a
Pureftpd Pure-ftpd	=1.0.14
Pureftpd Pure-ftpd	=1.0.15
Pureftpd Pure-ftpd	=1.0.16a
Pureftpd Pure-ftpd	=1.0.16b
Pureftpd Pure-ftpd	=1.0.16c
Pureftpd Pure-ftpd	=1.0.17
Pureftpd Pure-ftpd	=1.0.17a
Pureftpd Pure-ftpd	=1.0.18
Pureftpd Pure-ftpd	=1.0.19
Pureftpd Pure-ftpd	=1.0.20
Pureftpd Pure-ftpd	=1.0.21
Pureftpd Pure-ftpd	=1.0.22
Pureftpd Pure-ftpd	=1.0.24
Pureftpd Pure-ftpd	=1.0.25
Pureftpd Pure-ftpd	=1.0.26
Pureftpd Pure-ftpd	=1.0.27
Pureftpd Pure-ftpd	=1.0.28
Pureftpd Pure-ftpd	=1.0.29
Pureftpd Pure-ftpd	=1.0.30
NetBSD NetBSD	=5.1

Remedy

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28

Remedy

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h

Never miss a vulnerability like this again

Reference Links

agent/type
agent/remedy
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/weakness
agent/severity
agent/references
agent/author
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2011-0418
agent/tags
agent/trending
vendor/pureftpd
canonical/pureftpd pure-ftpd
version/pureftpd pure-ftpd/1.0.31
version/pureftpd pure-ftpd/0.90
version/pureftpd pure-ftpd/0.91
version/pureftpd pure-ftpd/0.92
version/pureftpd pure-ftpd/0.93
version/pureftpd pure-ftpd/0.94
version/pureftpd pure-ftpd/0.95
version/pureftpd pure-ftpd/0.95-pre1
version/pureftpd pure-ftpd/0.95-pre2
version/pureftpd pure-ftpd/0.95-pre3
version/pureftpd pure-ftpd/0.95-pre4
version/pureftpd pure-ftpd/0.95.1
version/pureftpd pure-ftpd/0.95.2
version/pureftpd pure-ftpd/0.96
version/pureftpd pure-ftpd/0.96.1
version/pureftpd pure-ftpd/0.96pre1
version/pureftpd pure-ftpd/0.97-final
version/pureftpd pure-ftpd/0.97.1
version/pureftpd pure-ftpd/0.97.2
version/pureftpd pure-ftpd/0.97.3
version/pureftpd pure-ftpd/0.97.4
version/pureftpd pure-ftpd/0.97.5
version/pureftpd pure-ftpd/0.97.6
version/pureftpd pure-ftpd/0.97.7
version/pureftpd pure-ftpd/0.97.7pre1
version/pureftpd pure-ftpd/0.97.7pre2
version/pureftpd pure-ftpd/0.97.7pre3
version/pureftpd pure-ftpd/0.97pre1
version/pureftpd pure-ftpd/0.97pre2
version/pureftpd pure-ftpd/0.97pre3
version/pureftpd pure-ftpd/0.97pre4
version/pureftpd pure-ftpd/0.97pre5
version/pureftpd pure-ftpd/0.98-final
version/pureftpd pure-ftpd/0.98.1
version/pureftpd pure-ftpd/0.98.2
version/pureftpd pure-ftpd/0.98.2a
version/pureftpd pure-ftpd/0.98.3
version/pureftpd pure-ftpd/0.98.4
version/pureftpd pure-ftpd/0.98.5
version/pureftpd pure-ftpd/0.98.6
version/pureftpd pure-ftpd/0.98.7
version/pureftpd pure-ftpd/0.98pre1
version/pureftpd pure-ftpd/0.98pre2
version/pureftpd pure-ftpd/0.99
version/pureftpd pure-ftpd/0.99.1
version/pureftpd pure-ftpd/0.99.1a
version/pureftpd pure-ftpd/0.99.1b
version/pureftpd pure-ftpd/0.99.2
version/pureftpd pure-ftpd/0.99.2a
version/pureftpd pure-ftpd/0.99.3
version/pureftpd pure-ftpd/0.99.4
version/pureftpd pure-ftpd/0.99.9
version/pureftpd pure-ftpd/0.99a
version/pureftpd pure-ftpd/0.99b
version/pureftpd pure-ftpd/0.99pre1
version/pureftpd pure-ftpd/0.99pre2
version/pureftpd pure-ftpd/1.0.0
version/pureftpd pure-ftpd/1.0.1
version/pureftpd pure-ftpd/1.0.2
version/pureftpd pure-ftpd/1.0.3
version/pureftpd pure-ftpd/1.0.4
version/pureftpd pure-ftpd/1.0.5
version/pureftpd pure-ftpd/1.0.6
version/pureftpd pure-ftpd/1.0.7
version/pureftpd pure-ftpd/1.0.8
version/pureftpd pure-ftpd/1.0.9
version/pureftpd pure-ftpd/1.0.10
version/pureftpd pure-ftpd/1.0.11
version/pureftpd pure-ftpd/1.0.12
version/pureftpd pure-ftpd/1.0.13a
version/pureftpd pure-ftpd/1.0.14
version/pureftpd pure-ftpd/1.0.15
version/pureftpd pure-ftpd/1.0.16a
version/pureftpd pure-ftpd/1.0.16b
version/pureftpd pure-ftpd/1.0.16c
version/pureftpd pure-ftpd/1.0.17
version/pureftpd pure-ftpd/1.0.17a
version/pureftpd pure-ftpd/1.0.18
version/pureftpd pure-ftpd/1.0.19
version/pureftpd pure-ftpd/1.0.20
version/pureftpd pure-ftpd/1.0.21
version/pureftpd pure-ftpd/1.0.22
version/pureftpd pure-ftpd/1.0.24
version/pureftpd pure-ftpd/1.0.25
version/pureftpd pure-ftpd/1.0.26
version/pureftpd pure-ftpd/1.0.27
version/pureftpd pure-ftpd/1.0.28
version/pureftpd pure-ftpd/1.0.29
version/pureftpd pure-ftpd/1.0.30
vendor/netbsd
canonical/netbsd netbsd
version/netbsd netbsd/5.1

CVE-2011-0418: Input Validation

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact