Vulnerability Description
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pureftpd | Pure-Ftpd | <= 1.0.22 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Server | 10 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
- http://www.securityfocus.com/bid/49541
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69686
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html
- http://www.securityfocus.com/bid/49541
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69686
FAQ
What is CVE-2011-3171?
CVE-2011-3171 is a vulnerability with a CVSS score of 3.6 (LOW). Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server...
How severe is CVE-2011-3171?
CVE-2011-3171 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3171?
Check the references section above for vendor advisories and patch information. Affected products include: Pureftpd Pure-Ftpd, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server.