vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
|
|
SecurityTracker Alert ID: 1025186 |
|
SecurityTracker URL: http://securitytracker.com/id/1025186
|
|
CVE Reference:
CVE-2011-0762
(Links to External Site)
|
Date: Mar 10 2011
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 2.3.3
|
Description:
A vulnerability was reported in vsftpd. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can establish multiple FTP sessions and send specially crafted glob expressions in STAT commands to cause the target service to consume excessive CPU resources.
The original advisory is available at:
http://securityreason.com/achievement_securityalert/95
Maksymilian Arciemowicz of securityreason.com reported this vulnerability.
|
Impact:
A remote authenticated user can cause excessive CPU consumption on the target system.
|
Solution:
The vendor has issued a fix (2.3.3).
The vendor's advisory is available at:
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
|
Vendor URL: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 10 Mar 2011 19:11:40 +0000
Subject: vsftpd
|
http://securityreason.com/achievement_securityalert/95
CVE-2011-0762
|
|
