CVE-2011-1575

Pure-FTPd <1.0.30 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1575. PoCs published by masamoon.

AI-analyzed exploit summary This script sends a crafted FTP command sequence to detect the presence of CVE-2011-1575, a vulnerability in ProFTPD's mod_tls module. It does not exploit the vulnerability but checks for the vulnerable behavior.

Description

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Exploits (1)

nomisec SCANNER

by masamoon · poc

https://github.com/masamoon/cve-2011-1575-poc

View Code ZIP pw:eip

This script sends a crafted FTP command sequence to detect the presence of CVE-2011-1575, a vulnerability in ProFTPD's mod_tls module. It does not exploit the vulnerability but checks for the vulnerable behavior.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ProFTPD with mod_tls (versions before 1.3.3c)

No auth needed

Prerequisites: Network access to the target FTP server

MITRE ATT&CK

T1595 - Active Scanning

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (14)

Core 14

Core References

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/11/14

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=683221

Various Sources mailing-list x_refsource_mlist

http://archives.pureftpd.org/archives.cgi?100:mss:3906:201103:cpeojfkblajnpinkeadd

Mailing List mailing-list x_refsource_mlist

http://lists.opensuse.org/opensuse-updates/2011-05/msg00029.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43988

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/11/7

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44548

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/11/8

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/11/3

Various Sources x_refsource_confirm

http://www.pureftpd.org/project/pure-ftpd/news

Patch x_refsource_confirm

https://bugzilla.novell.com/show_bug.cgi?id=686590

Patch mailing-list x_refsource_mlist

http://archives.pureftpd.org/archives.cgi?100:mss:3910:201103:cpeojfkblajnpinkeadd

Patch x_refsource_confirm

https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4

View Patch ZIP pw:eip

Scores

EPSS 0.3334

EPSS Percentile 98.2%

Details

CWE

CWE-399

Status published

Products (50)

pureftpd/pure-ftpd 0.90

pureftpd/pure-ftpd 0.91

pureftpd/pure-ftpd 0.92

pureftpd/pure-ftpd 0.93

pureftpd/pure-ftpd 0.94

pureftpd/pure-ftpd 0.95

pureftpd/pure-ftpd 0.95-pre1

pureftpd/pure-ftpd 0.95-pre2

pureftpd/pure-ftpd 0.95-pre3

pureftpd/pure-ftpd 0.95-pre4

... and 40 more

Published May 23, 2011

Tracked Since Feb 18, 2026