CVE-2011-0762

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 Issue Tracking Third Party Advisory
http://cxib.net/stuff/vspoc232.c Broken Link
http://jvn.jp/en/jp/JVN37417423/index.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2 Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2 Issue Tracking Third Party Advisory
http://securityreason.com/achievement_securityalert/95 Exploit Third Party Advisory
http://securityreason.com/securityalert/8109 Exploit Third Party Advisory
http://www.debian.org/security/2011/dsa-2305 Third Party Advisory
http://www.exploit-db.com/exploits/16270 Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/590604 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0337.html Third Party Advisory
http://www.securityfocus.com/archive/1/516748/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/46617 Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025186 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1098-1 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0547 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0639 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0668 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0713 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873 Third Party Advisory VDB Entry
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 Issue Tracking Third Party Advisory
http://cxib.net/stuff/vspoc232.c Broken Link
http://jvn.jp/en/jp/JVN37417423/index.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2 Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=133226187115472&w=2 Issue Tracking Third Party Advisory
http://securityreason.com/achievement_securityalert/95 Exploit Third Party Advisory
http://securityreason.com/securityalert/8109 Exploit Third Party Advisory
http://www.debian.org/security/2011/dsa-2305 Third Party Advisory
http://www.exploit-db.com/exploits/16270 Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/590604 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0337.html Third Party Advisory
http://www.securityfocus.com/archive/1/516748/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/46617 Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025186 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1098-1 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0547 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0639 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0668 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0713 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:vsftpd_project:vsftpd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
History

21 Nov 2024, 01:24

Type Values Removed Values Added
References () ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog - Broken Link () ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog - Broken Link
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 - Issue Tracking, Third Party Advisory () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741 - Issue Tracking, Third Party Advisory
References () http://cxib.net/stuff/vspoc232.c - Broken Link () http://cxib.net/stuff/vspoc232.c - Broken Link
References () http://jvn.jp/en/jp/JVN37417423/index.html - Third Party Advisory () http://jvn.jp/en/jp/JVN37417423/index.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html - Mailing List, Third Party Advisory
References () http://marc.info/?l=bugtraq&m=133226187115472&w=2 - Issue Tracking, Third Party Advisory () http://marc.info/?l=bugtraq&m=133226187115472&w=2 - Issue Tracking, Third Party Advisory
References () http://securityreason.com/achievement_securityalert/95 - Exploit, Third Party Advisory () http://securityreason.com/achievement_securityalert/95 - Exploit, Third Party Advisory
References () http://securityreason.com/securityalert/8109 - Exploit, Third Party Advisory () http://securityreason.com/securityalert/8109 - Exploit, Third Party Advisory
References () http://www.debian.org/security/2011/dsa-2305 - Third Party Advisory () http://www.debian.org/security/2011/dsa-2305 - Third Party Advisory
References () http://www.exploit-db.com/exploits/16270 - Exploit, Third Party Advisory, VDB Entry () http://www.exploit-db.com/exploits/16270 - Exploit, Third Party Advisory, VDB Entry
References () http://www.kb.cert.org/vuls/id/590604 - Broken Link () http://www.kb.cert.org/vuls/id/590604 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:049 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2011:049 - Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2011-0337.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2011-0337.html - Third Party Advisory
References () http://www.securityfocus.com/archive/1/516748/100/0/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/516748/100/0/threaded - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/46617 - Exploit, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/46617 - Exploit, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1025186 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1025186 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-1098-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-1098-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2011/0547 - Third Party Advisory () http://www.vupen.com/english/advisories/2011/0547 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2011/0639 - Third Party Advisory () http://www.vupen.com/english/advisories/2011/0639 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2011/0668 - Third Party Advisory () http://www.vupen.com/english/advisories/2011/0668 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2011/0713 - Third Party Advisory () http://www.vupen.com/english/advisories/2011/0713 - Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/65873 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/65873 - Third Party Advisory, VDB Entry
Information

Published : 2011-03-02 20:00

Updated : 2024-11-21 01:24

NVD link : CVE-2011-0762

Mitre link : CVE-2011-0762

CVE.ORG link : CVE-2011-0762

JSON object : View

Products Affected

opensuse

  • opensuse

canonical

  • ubuntu_linux

suse

  • linux_enterprise_server

vsftpd_project

  • vsftpd

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-400

Uncontrolled Resource Consumption


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024