CVE-2011-0762

Published: 02/03/2011 Updated: 04/03/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The vsf_filename_passes_filter function in ls.c in vsftpd prior to 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Vulnerable Product

vsftpd project vsftpd

canonical ubuntu linux 6.06

canonical ubuntu linux 8.04

canonical ubuntu linux 9.10

canonical ubuntu linux 10.04

canonical ubuntu linux 10.10

fedoraproject fedora 13

fedoraproject fedora 14

fedoraproject fedora 15

debian debian linux 5.0

debian debian linux 6.0

debian debian linux 7.0

opensuse opensuse 11.2

opensuse opensuse 11.3

opensuse opensuse 11.4

suse linux enterprise server 9

suse linux enterprise server 10

suse linux enterprise server 11

Vendor Advisories

Debian Bug report logs - #622741
vsftpd: upgrade stable to fix remote DoS (CVE-2011-0762)
Package: vsftpd; Maintainer for vsftpd is Keng-Yu Lin <kengyu@lexical.tw>; Source for vsftpd is src:vsftpd
Reported by: Dario Vieli <dario@wuala.com>
Date: Thu, 14 Apr 2011 10:42:08 UTC
Severity: important ...
An attacker could send crafted input to vsftpd and cause it to crash ...

Exploits

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
/* This is code of cxib.net/stuff/vspoc232.c PoC CVE-2011-0762 ( vsftpd ) Remote Denial of Service Affected: 2.3.2 Fix: 2.3.4 Author: Maksymilian Ar ...
Vsftpd version 2.3.2 proof of concept denial of service exploit ...
Vsftpd versions 2.3.2 on NetBSD and 2.3.0 on Ubuntu suffer from a remote denial of service vulnerability ...