Vulnerability Name: | CVE-2011-0762 (CCN-65873) |
Assigned: | 2011-03-01 |
Published: | 2011-03-01 |
Updated: | 2021-03-04 |
Summary: | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. |
CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L) |
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.3 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C)
4.1 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C) |
Vulnerability Type: | CWE-400 |
Vulnerability Consequences: | Denial of Service |
References: |
Source: CONFIRM Type: Broken Link ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
Source: CONFIRM Type: Issue Tracking, Third Party Advisory http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
Source: MITRE Type: CNA CVE-2011-0762
Source: MISC Type: Broken Link http://cxib.net/stuff/vspoc232.c
Source: JVN Type: Third Party Advisory JVN#37417423
Source: FEDORA Type: Third Party Advisory FEDORA-2011-2615
Source: FEDORA Type: Third Party Advisory FEDORA-2011-2590
Source: FEDORA Type: Third Party Advisory FEDORA-2011-2567
Source: SUSE Type: Mailing List, Third Party Advisory SUSE-SR:2011:009
Source: HP Type: Issue Tracking, Third Party Advisory HPSBMU02752
Source: CCN Type: RHSA-2011-0337 Important: vsftpd security update
Source: SREASONRES Type: Exploit, Third Party Advisory 20110301 vsftpd 2.3.2 remote denial-of-service
Source: SREASON Type: Exploit, Third Party Advisory 8109
Source: CCN Type: vsftpd Web page vsftpd - Secure, fast FTP server for UNIX-like systems
Source: DEBIAN Type: Third Party Advisory DSA-2305
Source: DEBIAN Type: DSA-2305 vsftpd -- denial of service
Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry 16270
Source: CERT-VN Type: Broken Link VU#590604
Source: MANDRIVA Type: Third Party Advisory MDVSA-2011:049
Source: REDHAT Type: Third Party Advisory RHSA-2011:0337
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20110301 vsftpd 2.3.2 remote denial-of-service
Source: BID Type: Exploit, Third Party Advisory, VDB Entry 46617
Source: CCN Type: BID-46617 vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1025186
Source: UBUNTU Type: Third Party Advisory USN-1098-1
Source: VUPEN Type: Third Party Advisory ADV-2011-0547
Source: VUPEN Type: Third Party Advisory ADV-2011-0639
Source: VUPEN Type: Third Party Advisory ADV-2011-0668
Source: VUPEN Type: Third Party Advisory ADV-2011-0713
Source: XF Type: Third Party Advisory, VDB Entry vsftpd-vsffilenamepassesfilter-dos(65873)
Source: XF Type: UNKNOWN vsftpd-vsffilenamepassesfilter-dos(65873)
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-02-2011]
Source: SUSE Type: SUSE-SR:2011:009 SUSE Security Summary Report |
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: |