PT-2008-1526 · Vsftpd+1 · Vsftpd+1

Publicado

2008-05-21

·

Atualizado

2023-02-13

·

CVE-2007-5962

CVSS v2.0

7.1

Alta

VetorAV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions vsftpd version 2.0.5
Description A memory leak issue exists, allowing remote attackers to cause a denial of service by consuming memory via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny file configuration option.
Recommendations For vsftpd version 2.0.5, consider restricting access to the CWD command as a temporary workaround until a patch is available.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2007-5962
RHSA-2008:0295
RHSA-2008_0295

Produtos afetados

Red Hat
Vsftpd