CVE - CVE-2007-5962

CVE-ID
CVE-2007-5962	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080606 rPSA-2008-0185-1 vsftpd URL:http://www.securityfocus.com/archive/1/archive/1/493167/100/0/threaded EXPLOIT-DB:5814 URL:https://www.exploit-db.com/exploits/5814 MLIST:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/10 MLIST:[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/12 MLIST:[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific) URL:http://www.openwall.com/lists/oss-security/2008/05/21/8 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=397011 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 FEDORA:FEDORA-2008-4347 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html FEDORA:FEDORA-2008-4362 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html FEDORA:FEDORA-2008-4373 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html REDHAT:RHSA-2008:0295 URL:http://www.redhat.com/support/errata/RHSA-2008-0295.html BID:29322 URL:http://www.securityfocus.com/bid/29322 OVAL:oval:org.mitre.oval:def:8850 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850 SECUNIA:30354 URL:http://secunia.com/advisories/30354 SECUNIA:30341 URL:http://secunia.com/advisories/30341 VUPEN:ADV-2008-1600 URL:http://www.vupen.com/english/advisories/2008/1600 SECTRACK:1020079 URL:http://securitytracker.com/id?1020079 XF:vsftpd-denyfile-dos(42593) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42593
Assigning CNA
N/A
Date Entry Created
20071114	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org