SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   vsftpd Vendors:   Evans, Chris
vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1025186
SecurityTracker URL:  http://securitytracker.com/id/1025186
CVE Reference:   CVE-2011-0762   (Links to External Site)
Date:  Mar 10 2011
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 2.3.3
Description:   A vulnerability was reported in vsftpd. A remote authenticated user can cause denial of service conditions.

A remote authenticated user can establish multiple FTP sessions and send specially crafted glob expressions in STAT commands to cause the target service to consume excessive CPU resources.

The original advisory is available at:

http://securityreason.com/achievement_securityalert/95

Maksymilian Arciemowicz of securityreason.com reported this vulnerability.

Impact:   A remote authenticated user can cause excessive CPU consumption on the target system.
Solution:   The vendor has issued a fix (2.3.3).

The vendor's advisory is available at:

ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog

Vendor URL:  ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 10 2011 (Red Hat Issues Fix) vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 4, 5, and 6.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC