Sign-up

ID

VAR-201104-0089


CVE

CVE-2011-0988


TITLE

SUSE Linux Enterprise Server Used in pure-ftpd Vulnerable to overwriting arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2011-004281

DESCRIPTION

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. Pure-FTPd in SUSE is prone to a local insecure-file-permissions vulnerability. A local attacker can exploit this issue to overwrite certain files. This may lead to privilege escalation; other attacks may also be possible. ---------------------------------------------------------------------- Q1 Factsheets released: http://secunia.com/resources/factsheets/2011_vendor/ ---------------------------------------------------------------------- TITLE: SUSE pure-ftpd Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA44039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44039 RELEASE DATE: 2011-04-08 DISCUSS ADVISORY: http://secunia.com/advisories/44039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has acknowledged a vulnerability in the pure-ftpd package for SUSE Linux Enterprise Server, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error related to a world-writable folder created by the "OES pure-ftpd Netware extensions", which can be exploited to manipulate system files and gain escalated privileges. Further information is currently not available. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:0306-1: https://hermes.opensuse.org/messages/7849430 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2011-0988 // JVNDB: JVNDB-2011-004281 // BID: 47425 // PACKETSTORM: 100199

AFFECTED PRODUCTS

vendor:pureftpdmodel:pure-ftpdscope:eqversion:1.0.22

Trust: 1.8

vendor:novellmodel:suse linuxscope:eqversion:10

Trust: 1.6

vendor:novellmodel:suse linuxscope:eqversion:11

Trust: 1.6

vendor:novellmodel:suse linuxscope:eqversion:9.1 enterprise server 10 sp3 and sp4

Trust: 0.8

vendor:novellmodel:suse linuxscope:eqversion:enterprise desktop 10 sp3 and sp4

Trust: 0.8

vendor:susemodel:linux enterprise sp4scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sp3scope:eqversion:10

Trust: 0.3

vendor:pure ftpdmodel:pure-ftpd for susescope:eqversion:0

Trust: 0.3

sources: BID: 47425 // JVNDB: JVNDB-2011-004281 // CNNVD: CNNVD-201104-171 // NVD: CVE-2011-0988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0988
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-0988
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201104-171
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-0988
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-004281 // CNNVD: CNNVD-201104-171 // NVD: CVE-2011-0988

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2011-004281 // NVD: CVE-2011-0988

THREAT TYPE

local

Trust: 1.0

sources: BID: 47425 // PACKETSTORM: 100199 // CNNVD: CNNVD-201104-171

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201104-171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-004281

PATCH
title:CVE-2011-0988url:http://support.novell.com/security/cve/CVE-2011-0988.html
Trust: 0.8
title:Pure-FTPdurl:http://www.pureftpd.org/project/pure-ftpd
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-004281

EXTERNAL IDS
db:NVDid:CVE-2011-0988
Trust: 2.7
db:SECUNIAid:44039
Trust: 1.7
db:JVNDBid:JVNDB-2011-004281
Trust: 0.8
db:SUSEid:SUSE-SU-2011:0306
Trust: 0.6
db:XFid:66618
Trust: 0.6
db:CNNVDid:CNNVD-201104-171
Trust: 0.6
db:BIDid:47425
Trust: 0.3
db:PACKETSTORMid:100199
Trust: 0.1
sources:
            
            
            BID: 47425 // 
            
            
            
            JVNDB: JVNDB-2011-004281 // 
            
            
            
            PACKETSTORM: 100199 // 
            
            
            
            CNNVD: CNNVD-201104-171 // 
            
            
            
            NVD: CVE-2011-0988

REFERENCES
url:https://hermes.opensuse.org/messages/7849430
Trust: 1.7
url:http://secunia.com/advisories/44039
Trust: 1.6
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0988
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/66618
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0988
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/66618
Trust: 0.6
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/44039/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44039
Trust: 0.1
url:http://secunia.com/advisories/44039/#comments
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/resources/factsheets/2011_vendor/
Trust: 0.1
sources:
            
            
            BID: 47425 // 
            
            
            
            JVNDB: JVNDB-2011-004281 // 
            
            
            
            PACKETSTORM: 100199 // 
            
            
            
            CNNVD: CNNVD-201104-171 // 
            
            
            
            NVD: CVE-2011-0988

CREDITS
This issue was disclosed in a SUSE advisory.
Trust: 0.3
sources:
            
            
            BID: 47425

SOURCES
db:BIDid:47425
db:JVNDBid:JVNDB-2011-004281
db:PACKETSTORMid:100199
db:CNNVDid:CNNVD-201104-171
db:NVDid:CVE-2011-0988

LAST UPDATE DATE
2024-11-23T22:27:41.522000+00:00

SOURCES UPDATE DATE
db:BIDid:47425date:2015-03-19T09:49:00
db:JVNDBid:JVNDB-2011-004281date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201104-171date:2011-04-19T00:00:00
db:NVDid:CVE-2011-0988date:2024-11-21T01:25:15.240

SOURCES RELEASE DATE
db:BIDid:47425date:2011-04-19T00:00:00
db:JVNDBid:JVNDB-2011-004281date:2012-03-27T00:00:00
db:PACKETSTORMid:100199date:2011-04-08T06:18:38
db:CNNVDid:CNNVD-201104-171date:2011-04-19T00:00:00
db:NVDid:CVE-2011-0988date:2011-04-18T17:55:01.030