CVE - CVE-2007-5962

CVE-ID
CVE-2007-5962	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080606 rPSA-2008-0185-1 vsftpd URL:http://www.securityfocus.com/archive/1/archive/1/493167/100/0/threaded MILW0RM:5814 URL:http://www.milw0rm.com/exploits/5814 MLIST:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/10 MLIST:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/12 MLIST:[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/8 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=397011 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 FEDORA:FEDORA-2008-4347 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html FEDORA:FEDORA-2008-4362 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html FEDORA:FEDORA-2008-4373 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html REDHAT:RHSA-2008:0295 URL:http://www.redhat.com/support/errata/RHSA-2008-0295.html BID:29322 URL:http://www.securityfocus.com/bid/29322 OVAL:oval:org.mitre.oval:def:8850 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8850 SECUNIA:30354 URL:http://secunia.com/advisories/30354 SECUNIA:30341 URL:http://secunia.com/advisories/30341 VUPEN:ADV-2008-1600 URL:http://www.vupen.com/english/advisories/2008/1600 SECTRACK:1020079 URL:http://securitytracker.com/id?1020079 XF:vsftpd-denyfile-dos(42593) URL:http://xforce.iss.net/xforce/xfdb/42593
Date Entry Created
20071114	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2007-5962