Permissions, Privileges, and Access Controls in Pure-FTPd - CVE-2011-0988
Published: April 18, 2011 / Updated: June 17, 2025
Vulnerability identifier: #VU45122
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-0988
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PureFTPd.org
Affected software:
Pure-FTPd
Pure-FTPd
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
How to mitigate CVE-2011-0988
Install update from vendor's website.