Lucene search

K

[email protected]NVD:CVE-2008-2375

HistoryJul 09, 2008 - 12:41 a.m.

CVE-2008-2375

2008-07-0900:41:00

CWE-399

[email protected]

web.nvd.nist.gov

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.4 Medium

AI Score

Confidence

Low

0.087 Low

EPSS

Percentile

94.5%

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch3.0

OR

redhatenterprise_linuxMatch4.0

AND

redhatvsftpdMatch0.0.1

OR

redhatvsftpdMatch0.0.2

OR

redhatvsftpdMatch0.0.3

OR

redhatvsftpdMatch0.0.4

OR

redhatvsftpdMatch0.0.5

OR

redhatvsftpdMatch0.0.6

OR

redhatvsftpdMatch0.0.7

OR

redhatvsftpdMatch0.0.8

OR

redhatvsftpdMatch0.0.9

OR

redhatvsftpdMatch0.0.10

OR

redhatvsftpdMatch0.0.11

OR

redhatvsftpdMatch0.0.12

OR

redhatvsftpdMatch0.0.13

OR

redhatvsftpdMatch0.0.14

OR

redhatvsftpdMatch0.0.15

OR

redhatvsftpdMatch0.9.0

OR

redhatvsftpdMatch0.9.1

OR

redhatvsftpdMatch0.9.2

OR

redhatvsftpdMatch0.9.3

OR

redhatvsftpdMatch1.1.0

OR

redhatvsftpdMatch1.1.1

OR

redhatvsftpdMatch1.1.2

OR

redhatvsftpdMatch1.1.3

OR

redhatvsftpdMatch1.2.0

OR

redhatvsftpdMatch1.2.1

OR

redhatvsftpdMatch1.2.2

OR

redhatvsftpdMatch2.0.0

OR

redhatvsftpdMatch2.0.1

OR

redhatvsftpdMatch2.0.2

OR

redhatvsftpdMatch2.0.3

OR

redhatvsftpdMatch2.0.4

References

secunia.com/advisories/31007

secunia.com/advisories/31223

secunia.com/advisories/32263

support.avaya.com/elmodocs2/security/ASA-2008-398.htm

wiki.rpath.com/Advisories:rPSA-2008-0217

www.openwall.com/lists/oss-security/2008/06/30/2

www.redhat.com/support/errata/RHSA-2008-0579.html

www.redhat.com/support/errata/RHSA-2008-0680.html

www.securityfocus.com/archive/1/494081/100/0/threaded

www.securityfocus.com/bid/30364

www.securitytracker.com/id?1020546

www.vupen.com/english/advisories/2008/2820

bugzilla.redhat.com/attachment.cgi?id=201051

issues.rpath.com/browse/RPL-2640

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10138

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.4 Medium

AI Score

Confidence

Low

0.087 Low

EPSS

Percentile

94.5%

Related for NVD:CVE-2008-2375

cve2 ubuntucve2 prion2 debiancve2 cvelist2 oraclelinux2 openvas21 veracode1 fedora3 nessus14 nvd1 redhat3 centos1 seebug1 securityvulns2