Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.1
CVE Id CVE-2007-5962
Last Modified 07 Mar 2011 10:01:34
Published 22 May 2008 09:09:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5962

Summary

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 5.0

  • Red Hat Fedora 6

  • Red Hat Fedora 7

  • Red Hat Fedora 8


References

REDHAT - RHSA-2008:0295

FEDORA - FEDORA-2008-4373

FEDORA - FEDORA-2008-4362

FEDORA - FEDORA-2008-4347

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=397011

XF - vsftpd-denyfile-dos(42593)

VUPEN - ADV-2008-1600

BID - 29322

BUGTRAQ - 20080606 rPSA-2008-0185-1 vsftpd

MLIST - [oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

MLIST - [oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

MILW0RM - 5814

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185

SECTRACK - 1020079

SECUNIA - 30354

SECUNIA - 30341

Related Patches

Red Hat 2008:0295-14 RHSA Low: vsftpd security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:46:20