AUTH.TLS.Plaintext.Command.Injection
Description
This indicates an attack attempt against a Command Execution vulnerability in STARTTLS protocol extension in Pure-FTPd.
The vulnerability is caused by an error when the vulnerable software handles a malicious "AUTH TLS" command. It allows a remote attacker to execute arbitrary commands via sending a crafted request.
Affected Products
Pure-FTPd before 1.0.30
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the website.
http://www.pureftpd.org/project/pure-ftpd/download
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |