Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.1
CVE ID: CVE-2008-2375
Last Modified: 07 Mar 2011 10:09:05
Published: 08 Jul 2008 08:41:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-2375

Summary

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Vulnerable Systems

Application

  • Redhat Vsftpd 0.0.1

  • Redhat Vsftpd 0.0.10

  • Redhat Vsftpd 0.0.11

  • Redhat Vsftpd 0.0.12

  • Redhat Vsftpd 0.0.13

  • Redhat Vsftpd 0.0.14

  • Redhat Vsftpd 0.0.15

  • Redhat Vsftpd 0.0.2

  • Redhat Vsftpd 0.0.3

  • Redhat Vsftpd 0.0.4

  • Redhat Vsftpd 0.0.5

  • Redhat Vsftpd 0.0.6

  • Redhat Vsftpd 0.0.7

  • Redhat Vsftpd 0.0.8

  • Redhat Vsftpd 0.0.9

  • Redhat Vsftpd 0.9.0

  • Redhat Vsftpd 0.9.1

  • Redhat Vsftpd 0.9.2

  • Redhat Vsftpd 0.9.3

  • Redhat Vsftpd 1.1.0

  • Redhat Vsftpd 1.1.1

  • Redhat Vsftpd 1.1.2

  • Redhat Vsftpd 1.1.3

  • Redhat Vsftpd 1.2.0

  • Redhat Vsftpd 1.2.1

  • Redhat Vsftpd 1.2.2

  • Redhat Vsftpd 2.0.0

  • Redhat Vsftpd 2.0.1

  • Redhat Vsftpd 2.0.2

  • Redhat Vsftpd 2.0.3

  • Redhat Vsftpd 2.0.4


References

CONFIRM - https://issues.rpath.com/browse/RPL-2640

CONFIRM - https://bugzilla.redhat.com/attachment.cgi?id=201051

VUPEN - ADV-2008-2820

SECTRACK - 1020546

BID - 30364

BUGTRAQ - 20080708 rPSA-2008-0217-1 vsftpd

REDHAT - RHSA-2008:0680

REDHAT - RHSA-2008:0579

MLIST - [oss-security] 20080630 CVE-2008-2375 older vsftpd authentication memory leak

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0217

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm

SECUNIA - 32263

SECUNIA - 31223

SECUNIA - 31007

Related Patches

Red Hat 2008:0680-11 RHSA Moderate: vsftpd security and bug fix update for RHEL 4 x86


Last Updated: 27 May 2016 10:47:50