Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2011-0762
Last Modified: 20 Feb 2014 11:40:21
Published: 02 Mar 2011 03:00:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

Summary

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Vulnerable Systems

Application

  • Beasts Vsftpd 0.0.1

  • Beasts Vsftpd 0.0.10

  • Beasts Vsftpd 0.0.11

  • Beasts Vsftpd 0.0.12

  • Beasts Vsftpd 0.0.13

  • Beasts Vsftpd 0.0.14

  • Beasts Vsftpd 0.0.15

  • Beasts Vsftpd 0.0.2

  • Beasts Vsftpd 0.0.3

  • Beasts Vsftpd 0.0.4

  • Beasts Vsftpd 0.0.5

  • Beasts Vsftpd 0.0.6

  • Beasts Vsftpd 0.0.7

  • Beasts Vsftpd 0.0.8

  • Beasts Vsftpd 0.0.9

  • Beasts Vsftpd 0.9.0

  • Beasts Vsftpd 0.9.1

  • Beasts Vsftpd 0.9.2

  • Beasts Vsftpd 0.9.3

  • Beasts Vsftpd 1.0.0

  • Beasts Vsftpd 1.0.1

  • Beasts Vsftpd 1.1.0

  • Beasts Vsftpd 1.1.1

  • Beasts Vsftpd 1.1.2

  • Beasts Vsftpd 1.1.3

  • Beasts Vsftpd 1.2.0

  • Beasts Vsftpd 1.2.1

  • Beasts Vsftpd 1.2.2

  • Beasts Vsftpd 2.0.0

  • Beasts Vsftpd 2.0.1

  • Beasts Vsftpd 2.0.2

  • Beasts Vsftpd 2.0.3

  • Beasts Vsftpd 2.0.4

  • Beasts Vsftpd 2.0.5

  • Beasts Vsftpd 2.0.6

  • Beasts Vsftpd 2.0.7

  • Beasts Vsftpd 2.1.0

  • Beasts Vsftpd 2.1.1

  • Beasts Vsftpd 2.1.2

  • Beasts Vsftpd 2.2.0

  • Beasts Vsftpd 2.2.1

  • Beasts Vsftpd 2.2.2

  • Beasts Vsftpd 2.3.0

  • Beasts Vsftpd 2.3.1

  • Beasts Vsftpd 2.3.2


References

CERT-VN - VU#590604

XF - vsftpd-vsffilenamepassesfilter-dos(65873)

VUPEN - ADV-2011-0713

VUPEN - ADV-2011-0668

VUPEN - ADV-2011-0639

VUPEN - ADV-2011-0547

UBUNTU - USN-1098-1

SECTRACK - 1025186

BID - 46617

BUGTRAQ - 20110301 vsftpd 2.3.2 remote denial-of-service

REDHAT - RHSA-2011:0337

MANDRIVA - MDVSA-2011:049

EXPLOIT-DB - 16270

DEBIAN - DSA-2305

SREASON - 8109

FEDORA - FEDORA-2011-2567

FEDORA - FEDORA-2011-2590

FEDORA - FEDORA-2011-2615

MISC - http://cxib.net/stuff/vspoc232.c

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741

CONFIRM - ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog

HP - SSRT100802

HP - HPSBMU02752

SUSE - SUSE-SR:2011:009

Related Patches

Red Hat 2011:0337-01 RHSA Important: vsftpd security update for RHEL 5 x86

Red Hat 2011:0337-01 RHSA Important: vsftpd security update for RHEL 4 x86


Last Updated: 27 May 2016 10:51:39