Rapid7 Vulnerability & Exploit Database

RHSA-2008:0295: vsftpd security and bug fix update


Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/22/2008
Created: 07/25/2018
Added: 05/22/2008
Modified: 07/04/2017

Description

The vsftpd package includes a Very Secure File Transfer Protocol (FTP) daemon.

A memory leak was discovered in the vsftpd daemon. An attacker who is able to connect to an FTP service, either as an authenticated or anonymous user, could cause vsftpd to allocate all available memory if the "deny_file" option was enabled in vsftpd.conf. (CVE-2007-5962)

As well, this updated package fixes the following bugs:

500 OOPS: reading non-root config file

This has been resolved in this updated package.

All vsftpd users are advised to upgrade to this updated package, which resolves these issues.

Solution(s)

  • redhat-upgrade-vsftpd
