vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
BID:30364
Info
| Bugtraq ID: | 30364 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2008-2375 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 24 2008 12:00AM |
| Updated: | Oct 14 2008 02:17PM |
| Credit: | This issue was disclosed in a Red Hat security advisory. |
| Vulnerable: | Vsftpd Vsftpd 2.0.5; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Avaya SIP Enablement Services 3.1.2; Avaya SIP Enablement Services 4.0; Avaya Messaging Storage Server MSS 3.0; Avaya Message Networking MN 3.1; Avaya Meeting Exchange 5.0 .0.52; Avaya Meeting Exchange 5.0; Avaya Intuity AUDIX LX 2.0; Avaya EMMC 1.021; Avaya EMMC 1.017; Avaya EMMC 0; Avaya Communication Manager 4.0.3 SP1; Avaya Communication Manager 3.1.4 SP2; Avaya Communication Manager 5.1; Avaya Communication Manager 5.0 SP3; Avaya Communication Manager 5.0; Avaya Communication Manager 4.0; Avaya Communication Manager 3.1; Avaya Aura SIP Enablement Services 3.1.1; Avaya Aura SIP Enablement Services 5.0; Avaya Aura SIP Enablement Services 3.1 |
| Not Vulnerable: | |
Discussion
The 'vsftpd' FTP server is prone to a remote denial-of-service vulnerability when used with Pluggable Authentication Modules (PAM).
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
Versions prior to vsftpd 2.0.5 are affected.
Exploit / POC
To exploit this issue, attackers can use readily available networking utilities.
Solution / Fix
Solution:
Fixes are available. Please see the references for more information.
References
References:
- Bugzilla Bug 453376: CVE-2008-2375 older vsftpd authentication memory leak (Red Hat)
- Vsftpd Homepage (Vsftpd)
- ASA-2008-398 - vsftpd security and bug fix update (RHSA-2008-0680) (Avaya)
- RHSA-2008:0579-2 Moderate: vsftpd security update (Red Hat)
- RHSA-2008:0680-11 Moderate: vsftpd security and bug fix update (Red Hat)