CVE - CVE-2007-5962

CVE-ID
CVE-2007-5962	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:29322 URL:http://www.securityfocus.com/bid/29322 BUGTRAQ:20080606 rPSA-2008-0185-1 vsftpd URL:http://www.securityfocus.com/archive/1/493167/100/0/threaded CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=397011 EXPLOIT-DB:5814 URL:https://www.exploit-db.com/exploits/5814 FEDORA:FEDORA-2008-4347 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html FEDORA:FEDORA-2008-4362 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html FEDORA:FEDORA-2008-4373 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html MLIST:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/10 MLIST:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/12 MLIST:[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/8 OVAL:oval:org.mitre.oval:def:8850 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850 REDHAT:RHSA-2008:0295 URL:http://www.redhat.com/support/errata/RHSA-2008-0295.html SECTRACK:1020079 URL:http://securitytracker.com/id?1020079 SECUNIA:30341 URL:http://secunia.com/advisories/30341 SECUNIA:30354 URL:http://secunia.com/advisories/30354 VUPEN:ADV-2008-1600 URL:http://www.vupen.com/english/advisories/2008/1600 XF:vsftpd-denyfile-dos(42593) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42593
Assigning CNA
Red Hat, Inc.
Date Record Created
20071114	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)