Veracode Vulnerability DatabaseVERACODE:24631Denial Of Service (DoS)
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
vsftpd is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted file name pattern.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vsftpd | eq | 2.0.5__12.el5 | |
| vsftpd | eq | 2.0.1__8.el4 | |
| vsftpd | eq | 2.0.1__6.el4 | |
| vsftpd | eq | 2.0.5__10.el5 | |
| vsftpd | eq | 2.0.5__12.el5_3.1 | |
| vsftpd | eq | 2.0.1__7.el4 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
cxib.net/stuff/vspoc232.c
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
jvn.jp/en/jp/JVN37417423/index.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
marc.info/?l=bugtraq&m=133226187115472&w=2
securityreason.com/achievement_securityalert/95
securityreason.com/securityalert/8109
www.debian.org/security/2011/dsa-2305
www.exploit-db.com/exploits/16270
www.kb.cert.org/vuls/id/590604
www.mandriva.com/security/advisories?name=MDVSA-2011:049
www.redhat.com/support/errata/RHSA-2011-0337.html
www.securityfocus.com/archive/1/516748/100/0/threaded
www.securityfocus.com/bid/46617
www.securitytracker.com/id?1025186
www.ubuntu.com/usn/USN-1098-1
www.vupen.com/english/advisories/2011/0547
www.vupen.com/english/advisories/2011/0639
www.vupen.com/english/advisories/2011/0668
www.vupen.com/english/advisories/2011/0713
access.redhat.com/errata/RHSA-2011:0337
access.redhat.com/security/updates/classification/#important
exchange.xforce.ibmcloud.com/vulnerabilities/65873
Related
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P