CVE-2007-5962

Published: 22/05/2008 Updated: 13/02/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 725
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote malicious users to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Vulnerable Product

redhat enterprise_linux 5.0

redhat fedora 6

redhat fedora 7

redhat fedora 8

foresight_linux appliances

rpath appliance_platform_agent

Exploits

source: www.securityfocus.com/bid/29322/info. The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability because it fails to free allocated memory. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. #!/usr/bin/perl -w ################## ...
#!/usr/bin/perl -w ####################################################################################### # vsftpd 2.0.5 FTP Server on Red Hat Enterprise Linux (RHEL) 5, Fedora 6 to 8, # Foresight Linux, rPath Linux is prone to Denial-of-Service(DoS) vulnerability # # Can be exploited by large number of CWD commands to vsftp daemon with deny_ ...
source: www.securityfocus.com/bid/29322/info. The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability because it fails to free allocated memory. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. # echo deny_file=foo >> /etc/vsftpd/ ...

Github Repositories

vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption

CVE-2007-5962. 1 Introduction. My tool is written in Python and exploits the CVE-2007-5962 vulnerability to perform a series of directory changes that crash the FTP daemon. *** DISCLAIMER!!! *** Please note that the use of hacking tools without authorization is illegal and could result in legal problems. Therefore, it is important to use this tool