Computer Security
[EN] securityvulns.ru no-pyccku


vsftpd DoS
Published:03.03.2011
Source:
SecurityVulns ID:11481
Type:remote
Threat Level:
5/10
Description:Resources exhaustion via path globbing.
Affected:VSFTPD : vsftpd 2.3
CVE:CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.)
 CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.)
Original documentdocumentMaksymilian Arciemowicz, vsftpd 2.3.2 remote denial-of-service (03.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod