PT-2008-3854 · Vsftpd+1 · Vsftpd+1
Mark J Cox
·
Published
2008-07-09
·
Updated
2023-02-13
·
CVE-2008-2375
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
vsftpd versions prior to 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4
Description:
A memory leak issue exists in a certain Red Hat deployment of vsftpd when PAM is used. This issue allows remote attackers to cause a denial of service by consuming memory via a large number of invalid authentication attempts within the same session.
Recommendations:
For vsftpd versions prior to 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, update to version 2.0.5 or later to resolve the issue.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Vsftpd