This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote Fedora host is missing a security update.
Wietse Venema and Victor Duchovni discovered and reported an issue
that could lead to a potential information disclosure.
An unencrypted FTP command immediately following a STARTTLS request
would get buffered and processed prior to the SSL/TLS handshake, resulting
in a potential authentication bypass in case client certificate
authentication was configured to provide user identity.
A report of a similar issue that was originally discovered in the Postfix
MTA contains further technical details and discusses possible impact:
Users of pure-ftpd are advised to install this updated package which
contains a fix for the issue.
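The buffering problem described above, as an added toy model in C (not pure-ftpd's code and not part of the advisory): a command that arrives in the same read as the upgrade request stays in the input buffer across the TLS switch unless the server discards it. The `struct conn` layout, the function names and the sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of a server's command reader; hypothetical, not pure-ftpd code. */
struct conn {
    char   buf[256];  /* bytes received but not yet parsed */
    size_t len;
    int    tls_on;    /* set once the session is treated as protected */
};

/* Pop one CRLF-terminated line from the buffer; returns 1 if one was ready. */
static int next_line(struct conn *c, char *out, size_t outsz) {
    for (size_t i = 0; i + 1 < c->len; i++) {
        if (c->buf[i] == '\r' && c->buf[i + 1] == '\n') {
            size_t n = i < outsz - 1 ? i : outsz - 1;
            memcpy(out, c->buf, n);
            out[n] = '\0';
            memmove(c->buf, c->buf + i + 2, c->len - i - 2);
            c->len -= i + 2;
            return 1;
        }
    }
    return 0;
}

/* Returns how many commands that arrived in plaintext are still handled
 * after the TLS upgrade. flush_on_upgrade = 1 models the hardened server. */
int plaintext_cmds_after_upgrade(int flush_on_upgrade) {
    /* Constructed input: "AUTH TLS" (FTP's STARTTLS-style request, RFC 4217)
     * and a trailing command delivered in one read. */
    const char *wire = "AUTH TLS\r\nNOOP\r\n";
    struct conn c = {0};
    char line[64];
    int handled = 0;
    memcpy(c.buf, wire, strlen(wire));
    c.len = strlen(wire);
    if (next_line(&c, line, sizeof line) && strcmp(line, "AUTH TLS") == 0) {
        if (flush_on_upgrade) c.len = 0; /* discard bytes read before the handshake */
        c.tls_on = 1;                    /* the handshake itself is omitted here */
    }
    while (c.tls_on && next_line(&c, line, sizeof line))
        handled++;                       /* these bytes never passed through TLS */
    return handled;
}

int main(void) {
    printf("no flush: %d, flush: %d\n",
           plaintext_cmds_after_upgrade(0), plaintext_cmds_after_upgrade(1));
    return 0;
}
```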
Update the affected pure-ftpd package.
Risk factor : High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Family: Fedora Local Security Checks
Nessus Plugin ID: 53240
Bugtraq ID: 46767