CVE-2011-0762 - Resource Exhaustion vulnerability in multiple products

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, vsftpd-project, canonical, fedoraproject, debian, opensuse, suse, CWE-400, nessus, exploit available

Summary

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and REST, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate: (1) Target CPU through recursion: the attacker creates a recursive payload and sends it to the service provider. (2) Target memory through jumbo payloads: the service provider uses DOM to parse XML. DOM creates an in-memory representation of the XML document, but when the document is very large (for example, north of 1 Gb) the service provider host may exhaust memory trying to build memory objects. (3) XML Ping of death: attack the service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Exploit-Db

description: vsftpd 2.3.2 - Denial of Service Vulnerability. CVE-2011-0762. DoS exploit for Linux platform
file: exploits/linux/dos/16270.c
id: EDB-ID:16270
last seen: 2016-02-01
modified: 2011-03-02
platform: linux
port:
published: 2011-03-02
reporter: Maksymilian Arciemowicz
source: https://www.exploit-db.com/download/16270/
title: vsftpd 2.3.2 - Denial of Service Vulnerability
type: dos

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-2615.NASL
    description: - Thu Mar 3 2011 Jiri Skala <jskala at redhat.com> - 2.3.4-1 - update to latest upstream 2.3.4 - fixes #681935 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern - Mon May 17 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-7 - when listen_ipv6=YES sets socket option to listen IPv6 only - Fri May 14 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-6 - syscall(__NR_clone) replaced by clone() to fix incorrect order of params on s390 arch - Wed Apr 7 2010 Jiri Skala <jskala at redhat.com> - 2.2.2-5 - corrected daemonize_plus patch - don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52663
    published: 2011-03-15
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52663
    title: Fedora 13 : vsftpd-2.3.4-1.fc13 (2011-2615)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-2615.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52663);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      script_cve_id("CVE-2011-0762");
      script_bugtraq_id(46617);
      script_xref(name:"FEDORA", value:"2011-2615");
    
      script_name(english:"Fedora 13 : vsftpd-2.3.4-1.fc13 (2011-2615)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Mar 3 2011 Jiri Skala <jskala at redhat.com> -
        2.3.4-1
    
        - update to latest upstream 2.3.4
    
        - fixes #681935 - CVE-2011-0762 vsftpd: remote DoS via
          crafted glob pattern
    
        - Mon May 17 2010 Jiri Skala <jskala at redhat.com> -
          2.2.2-7
    
        - when listen_ipv6=YES sets socket option to listen IPv6
          only
    
        - Fri May 14 2010 Jiri Skala <jskala at redhat.com> -
          2.2.2-6
    
        - syscall(__NR_clone) replaced by clone() to fix
          incorrect order of params on s390 arch
    
        - Wed Apr 7 2010 Jiri Skala <jskala at redhat.com> -
          2.2.2-5
    
        - corrected daemonize_plus patch - don't try kill parent
          when vsftpd isn't daemonized
    
        - Tue Mar 16 2010 Jiri Skala <jskala at redhat.com> -
          2.2.2-4
    
        - fixes #544251 - /etc/rc.d/init.d/vsftpd does not start
          more than one daemon
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=681667"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc2d56a3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected vsftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vsftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"vsftpd-2.3.4-1.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vsftpd");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20110309_VSFTPD_ON_SL4_X.NASL
    description: A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially crafted file name pattern. (CVE-2011-0762) The vsftpd daemon must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60986
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60986
    title: Scientific Linux Security Update : vsftpd on SL4.x, SL5.x, SL6.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60986);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:19");
    
      script_cve_id("CVE-2011-0762");
    
      script_name(english:"Scientific Linux Security Update : vsftpd on SL4.x, SL5.x, SL6.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Scientific Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was discovered in the way vsftpd processed file name patterns.
    An FTP user could use this flaw to cause the vsftpd process to use an
    excessive amount of CPU time, when processing a request with a
    specially crafted file name pattern. (CVE-2011-0762)
    
    The vsftpd daemon must be restarted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=8009
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2f535a3f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected vsftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"vsftpd-2.0.1-9.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"vsftpd-2.0.5-16.el5_6.1")) flag++;
    
    if (rpm_check(release:"SL6", reference:"vsftpd-2.2.2-6.el6_0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-049.NASL
    description: A vulnerability was discovered and corrected in vsftpd : The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632 (CVE-2011-0762). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52747
    published: 2011-03-22
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52747
    title: Mandriva Linux Security Advisory : vsftpd (MDVSA-2011:049)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2011:049. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52747);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2011-0762");
      script_bugtraq_id(46617);
      script_xref(name:"MDVSA", value:"2011:049");
    
      script_name(english:"Mandriva Linux Security Advisory : vsftpd (MDVSA-2011:049)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was discovered and corrected in vsftpd :
    
    The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3
    allows remote authenticated users to cause a denial of service (CPU
    consumption and process slot exhaustion) via crafted glob expressions
    in STAT commands in multiple FTP sessions, a different vulnerability
    than CVE-2010-2632 (CVE-2011-0762).
    
    Packages for 2009.0 are provided as of the Extended Maintenance
    Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149 products_id=490
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected vsftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:vsftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2009.0", reference:"vsftpd-2.0.7-1.1mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.0", reference:"vsftpd-2.1.2-2.1mdv2010.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.1", reference:"vsftpd-2.2.2-4.1mdv2010.2", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-2590.NASL
    description: - Thu Mar 3 2011 Jiri Skala <jskala at redhat.com> - 2.3.4-1 - update to latest upstream 2.3.4 - fixes #681935 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52662
    published: 2011-03-15
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52662
    title: Fedora 14 : vsftpd-2.3.4-1.fc14 (2011-2590)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-2590.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52662);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      script_cve_id("CVE-2011-0762");
      script_bugtraq_id(46617);
      script_xref(name:"FEDORA", value:"2011-2590");
    
      script_name(english:"Fedora 14 : vsftpd-2.3.4-1.fc14 (2011-2590)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Mar 3 2011 Jiri Skala <jskala at redhat.com> -
        2.3.4-1
    
        - update to latest upstream 2.3.4
    
        - fixes #681935 - CVE-2011-0762 vsftpd: remote DoS via
          crafted glob pattern
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=681667"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?704094a7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected vsftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vsftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"vsftpd-2.3.4-1.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vsftpd");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12690.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762). This has been fixed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53823
    published: 2011-05-06
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/53823
    title: SuSE9 Security Update : vsftpd (YOU Patch Number 12690)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53823);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2011-0762");
    
      script_name(english:"SuSE9 Security Update : vsftpd (YOU Patch Number 12690)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Certain file patterns could cause vsftpd to consume excessive CPU
    resulting in denial of service (CVE-2011-0762). This has been fixed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0762.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12690.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"vsftpd-2.0.4-0.11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1098-1.NASL
    description: It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vsftpd to consume all resources, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53222
    published: 2011-03-30
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53222
    title: Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : vsftpd vulnerability (USN-1098-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1098-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53222);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2011-0762");
      script_bugtraq_id(46617);
      script_xref(name:"USN", value:"1098-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : vsftpd vulnerability (USN-1098-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that vsftpd incorrectly handled certain glob
    expressions. A remote authenticated user could use a crafted glob
    expression to cause vftpd to consume all resources, leading to a
    denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1098-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected vsftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vsftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(6\.06|8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"vsftpd", pkgver:"2.0.4-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"vsftpd", pkgver:"2.0.6-1ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"vsftpd", pkgver:"2.2.0-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"vsftpd", pkgver:"2.2.2-3ubuntu6.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"vsftpd", pkgver:"2.3.0~pre2-4ubuntu2.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vsftpd");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-2567.NASL
    description: Bug #681667 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52675
    published: 2011-03-16
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52675
    title: Fedora 15 : vsftpd-2.3.4-1.fc15 (2011-2567)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-2567.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52675);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      script_cve_id("CVE-2011-0762");
      script_bugtraq_id(46617);
      script_xref(name:"FEDORA", value:"2011-2567");
    
      script_name(english:"Fedora 15 : vsftpd-2.3.4-1.fc15 (2011-2567)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Bug #681667 - CVE-2011-0762 vsftpd: remote DoS via
        crafted glob pattern
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=681667"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?260522eb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected vsftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:vsftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"vsftpd-2.3.4-1.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vsftpd");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_VSFTPD-110308.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762). This has been fixed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53827
    published: 2011-05-06
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/53827
    title: SuSE 11.1 Security Update : vsftpd (SAT Patch Number 4114)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_VSFTPD-7373.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762). This has been fixed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53828
    published: 2011-05-06
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/53828
    title: SuSE 10 Security Update : vsftpd (ZYPP Patch Number 7373)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2011-0337.NASL
    description: An updated vsftpd package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially crafted file name pattern. (CVE-2011-0762) All vsftpd users should upgrade to this updated package, which contains a backported patch to correct this issue. The vsftpd daemon must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52617
    published: 2011-03-11
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52617
    title: CentOS 4 / 5 : vsftpd (CESA-2011:0337)
  • NASL family: FTP
    NASL id: VSFTPD_2_3_3.NASL
    description: According to its self-reported version number, the instance of vsftpd listening on the remote server is earlier than 2.3.3 and, as such, may be affected by a denial of service vulnerability. An error exists in the function
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52704
    published: 2011-03-17
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/52704
    title: vsftpd vsf_filename_passes_filter Function Denial of Service
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_3_VSFTPD-110308.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75769
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75769
    title: openSUSE Security Update : vsftpd (openSUSE-SU-2011:0435-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_VSFTPD-7408.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762). This has been fixed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57260
    published: 2011-12-13
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57260
    title: SuSE 10 Security Update : vsftpd (ZYPP Patch Number 7408)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_4_VSFTPD-110308.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76042
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76042
    title: openSUSE Security Update : vsftpd (openSUSE-SU-2011:0435-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2011-0337.NASL
    description: From Red Hat Security Advisory 2011:0337 : An updated vsftpd package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially crafted file name pattern. (CVE-2011-0762) All vsftpd users should upgrade to this updated package, which contains a backported patch to correct this issue. The vsftpd daemon must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68226
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68226
    title: Oracle Linux 4 / 5 / 6 : vsftpd (ELSA-2011-0337)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201110-07.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201110-07 (vsftpd: Denial of Service) A Denial of Service vulnerability was discovered in vsftpd. Please review the CVE identifier referenced below for details. Impact : A remote authenticated attacker could cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56460
    published: 2011-10-12
    reporter: This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56460
    title: GLSA-201110-07 : vsftpd: Denial of Service
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2305.NASL
    description: Two security issues have been discovered that affect vsftpd, a lightweight, efficient FTP server written for security. - CVE-2011-2189 It was discovered that Linux kernels < 2.6.35 are considerably slower in releasing than in the creation of network namespaces. As a result of this and because vsftpd is using this feature as a security enhancement to provide network isolation for connections, it is possible to cause denial of service conditions due to excessive memory allocations by the kernel. This is technically no vsftpd flaw, but a kernel issue. However, this feature has legitimate use cases and backporting the specific kernel patch is too intrusive. Additionally, a local attacker requires the CAP_SYS_ADMIN capability to abuse this functionality. Therefore, as a fix, a kernel version check has been added to vsftpd in order to disable this feature for kernels < 2.6.35. - CVE-2011-0762 Maksymilian Arciemowicz discovered that vsftpd is incorrectly handling certain glob expressions in STAT commands. This allows a remote authenticated attacker to conduct denial of service attacks (excessive CPU and process slot exhaustion) via crafted STAT commands.
    last seen: 2020-03-17
    modified: 2011-09-20
    plugin id: 56231
    published: 2011-09-20
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56231
    title: Debian DSA-2305-1 : vsftpd - denial of service
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-0337.NASL
    description: An updated vsftpd package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially crafted file name pattern. (CVE-2011-0762) All vsftpd users should upgrade to this updated package, which contains a backported patch to correct this issue. The vsftpd daemon must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52608
    published: 2011-03-10
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52608
    title: RHEL 4 / 5 / 6 : vsftpd (RHSA-2011:0337)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_VSFTPD-110308.NASL
    description: Certain file patterns could cause vsftpd to consume excessive CPU resulting in denial of service (CVE-2011-0762).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53825
    published: 2011-05-06
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53825
    title: openSUSE Security Update : vsftpd (openSUSE-SU-2011:0435-1)

Packetstorm

data source: https://packetstormsecurity.com/files/download/98796/vsftpd232-dos.txt
id: PACKETSTORM:98796
last seen: 2016-12-05
published: 2011-03-01
reporter: Maksymilian Arciemowicz
source: https://packetstormsecurity.com/files/98796/Vsftpd-2.3.2-Denial-Of-Service.html
title: Vsftpd 2.3.2 Denial Of Service

Redhat

advisories
bugzilla
id: 681667
title: CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 6 is installed
      oval: oval:com.redhat.rhba:tst:20111656003
    • comment: vsftpd is earlier than 0:2.2.2-6.el6_0.1
      oval: oval:com.redhat.rhsa:tst:20110337001
    • comment: vsftpd is signed with Red Hat redhatrelease2 key
      oval: oval:com.redhat.rhsa:tst:20110337002
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • comment: vsftpd is earlier than 0:2.0.1-9.el4
      oval: oval:com.redhat.rhsa:tst:20110337004
    • comment: vsftpd is signed with Red Hat master key
      oval: oval:com.redhat.rhsa:tst:20080680002
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • comment: vsftpd is earlier than 0:2.0.5-16.el5_6.1
      oval: oval:com.redhat.rhsa:tst:20110337007
    • comment: vsftpd is signed with Red Hat redhatrelease key
      oval: oval:com.redhat.rhsa:tst:20080295002
rhsa
id: RHSA-2011:0337
released: 2011-03-09
severity: Important
title: RHSA-2011:0337: vsftpd security update (Important)
rpms
  • vsftpd-0:2.0.1-9.el4
  • vsftpd-0:2.0.5-16.el5_6.1
  • vsftpd-0:2.2.2-6.el6_0.1
  • vsftpd-debuginfo-0:2.0.1-9.el4
  • vsftpd-debuginfo-0:2.0.5-16.el5_6.1
  • vsftpd-debuginfo-0:2.2.2-6.el6_0.1

Seebug

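  • bulletinFamily: exploit
    description: BUGTRAQ ID: 46617 CVE ID: CVE-2011-0762 vsftpd is short for Very Secure FTP daemon, a secure FTP server for UNIX-like platforms. vsftpd has a remote denial-of-service vulnerability when processing ls.c; a remote attacker can exploit this vulnerability to crash the affected application, denying service to legitimate users. Vsftpd 2.3.2 Vsftpd 2.3 Vendor patch: Vsftpd ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://vsftpd.beasts.org/
    id: SSV:20359
    last seen: 2017-11-19
    modified: 2011-03-03
    published: 2011-03-03
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-20359
    title: vsftpd FTP Server "ls.c" Remote Denial of Service Vulnerability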
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:70793
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-70793
    title: vsftpd 2.3.2 - Denial of Service Vulnerability