CVE - CVE-2007-5962

CVE-ID
CVE-2007-5962	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1020079 URL:http://securitytracker.com/id?1020079 MISC:20080606 rPSA-2008-0185-1 vsftpd URL:http://www.securityfocus.com/archive/1/493167/100/0/threaded MISC:29322 URL:http://www.securityfocus.com/bid/29322 MISC:30341 URL:http://secunia.com/advisories/30341 MISC:30354 URL:http://secunia.com/advisories/30354 MISC:5814 URL:https://www.exploit-db.com/exploits/5814 MISC:ADV-2008-1600 URL:~~http://www.vupen.com/english/advisories/2008/1600~~ (Obsolete source) MISC:FEDORA-2008-4347 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html MISC:FEDORA-2008-4362 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html MISC:FEDORA-2008-4373 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html MISC:RHSA-2008:0295 URL:http://www.redhat.com/support/errata/RHSA-2008-0295.html MISC:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/10 MISC:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/12 MISC:[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/8 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=397011 URL:https://bugzilla.redhat.com/show_bug.cgi?id=397011 MISC:oval:org.mitre.oval:def:8850 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850 MISC:vsftpd-denyfile-dos(42593) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42593
Assigning CNA
Red Hat, Inc.
Date Record Created
20071114	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE™ List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation.