Executive Summary
Summary | |
---|---|
Title | vsftpd security update |
Informations | |||
---|---|---|---|
Name | DSA-2305 | First vendor Publication | 2011-09-19 |
Vendor | Debian | Last vendor Modification | 2011-09-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Two security issue have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. CVE-2011-2189 It was discovered that Linux kernels < 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because vsftpd is using this feature as a security enhancement to provide network isolation for connections, it is possible to cause denial of service conditions due to excessive memory allocations by the kernel. This is technically no vsftpd flaw, but a kernel issue. However, this feature has legitimate use cases and backporting the specific kernel patch is too intrusive. Additionally, a local attacker requires the CAP_SYS_ADMIN capability to abuse this functionality. Therefore, as a fix, a kernel version check has been added to vsftpd in order to disable this feature for kernels < 2.6.35. CVE-2011-0762 Maksymilian Arciemowicz discovered that vsftpd is incorrectly handling certain glob expressions in STAT commands. This allows a remote authenticated attacker to conduct denial of service attacks (excessive CPU and process slot exhaustion) via crafted STAT commands. For the oldstable distribution (lenny), this problem has been fixed in version 2.0.7-1+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 2.3.2-3+squeeze2. Please note that CVE-2011-2189 does not affect the lenny version. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.3.4-1. We recommend that you upgrade your vsftpd packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2305 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13784 | |||
Oval ID: | oval:org.mitre.oval:def:13784 | ||
Title: | USN-1098-1 -- vsftpd vulnerability | ||
Description: | It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vftpd to consume all resources, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1098-1 CVE-2011-0762 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 | Product(s): | vsftpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15164 | |||
Oval ID: | oval:org.mitre.oval:def:15164 | ||
Title: | DSA-2305-1 vsftpd -- denial of service | ||
Description: | Two security issue have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. CVE-2011-2189 It was discovered that Linux kernels less than 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because vsftpd is using this feature as a security enhancement to provide network isolation for connections, it is possible to cause denial of service conditions due to excessive memory allocations by the kernel. This is technically no vsftpd flaw, but a kernel issue. However, this feature has legitimate use cases and backporting the specific kernel patch is too intrusive. Additionally, a local attacker requires the CAP_SYS_ADMIN capability to abuse this functionality. Therefore, as a fix, a kernel version check has been added to vsftpd in order to disable this feature for kernels less than 2.6.35. CVE-2011-0762 Maksymilian Arciemowicz discovered that vsftpd is incorrectly handling certain glob expressions in STAT commands. This allows a remote authenticated attacker to conduct denial of service attacks via crafted STAT commands. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2305-1 CVE-2011-0762 CVE-2011-2189 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | vsftpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15201 | |||
Oval ID: | oval:org.mitre.oval:def:15201 | ||
Title: | USN-1288-1 -- vsftpd vulnerability | ||
Description: | vsftpd: FTP server written for security Vsftpd or other applications could be made to crash if vsftpd received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1288-1 CVE-2011-2189 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | vsftpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21856 | |||
Oval ID: | oval:org.mitre.oval:def:21856 | ||
Title: | RHSA-2011:0337: vsftpd security update (Important) | ||
Description: | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0337-01 CVE-2011-0762 CESA-2011:0337-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | vsftpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23346 | |||
Oval ID: | oval:org.mitre.oval:def:23346 | ||
Title: | ELSA-2011:0337: vsftpd security update (Important) | ||
Description: | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0337-01 CVE-2011-0762 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | vsftpd |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2011-03-02 | vsftpd 2.3.2 Denial of Service Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for vsftpd CESA-2011:0337 centos5 x86_64 File : nvt/gb_CESA-2011_0337_vsftpd_centos5_x86_64.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-07 (vsftpd) File : nvt/glsa_201110_07.nasl |
2011-12-09 | Name : Ubuntu Update for vsftpd USN-1288-1 File : nvt/gb_ubuntu_USN_1288_1.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2305-1 (vsftpd) File : nvt/deb_2305_1.nasl |
2011-08-09 | Name : CentOS Update for vsftpd CESA-2011:0337 centos5 i386 File : nvt/gb_CESA-2011_0337_vsftpd_centos5_i386.nasl |
2011-04-01 | Name : Ubuntu Update for vsftpd vulnerability USN-1098-1 File : nvt/gb_ubuntu_USN_1098_1.nasl |
2011-03-24 | Name : Fedora Update for vsftpd FEDORA-2011-2590 File : nvt/gb_fedora_2011_2590_vsftpd_fc14.nasl |
2011-03-24 | Name : Fedora Update for vsftpd FEDORA-2011-2615 File : nvt/gb_fedora_2011_2615_vsftpd_fc13.nasl |
2011-03-24 | Name : Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd) File : nvt/gb_mandriva_MDVSA_2011_049.nasl |
2011-03-15 | Name : CentOS Update for vsftpd CESA-2011:0337 centos4 i386 File : nvt/gb_CESA-2011_0337_vsftpd_centos4_i386.nasl |
2011-03-15 | Name : RedHat Update for vsftpd RHSA-2011:0337-01 File : nvt/gb_RHSA-2011_0337-01_vsftpd.nasl |
2011-03-03 | Name : vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability File : nvt/gb_vsftpd_46617.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76805 | Linux Kernel net/core/net_namespace.c Network Namespace Cleanup Weakness Remo... |
73340 | vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | STAT overflow attempt RuleID : 1379-community - Revision : 23 - Type : PROTOCOL-FTP |
2014-01-10 | STAT overflow attempt RuleID : 1379 - Revision : 23 - Type : PROTOCOL-FTP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0337.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110309_vsftpd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vsftpd-7408.nasl - Type : ACT_GATHER_INFO |
2011-12-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1288-1.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-07.nasl - Type : ACT_GATHER_INFO |
2011-09-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2305.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12690.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_vsftpd-110308.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_vsftpd-7373.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1098-1.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-049.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote FTP server is prone to a denial of service attack. File : vsftpd_2_3_3.nasl - Type : ACT_GATHER_INFO |
2011-03-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2567.nasl - Type : ACT_GATHER_INFO |
2011-03-15 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2615.nasl - Type : ACT_GATHER_INFO |
2011-03-15 | Name : The remote Fedora host is missing a security update. File : fedora_2011-2590.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0337.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0337.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:30:25 |
|