7.1

CVE-2008-2375

Exploit
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatVsftpd Version0.0.1
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.2
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.3
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.4
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.5
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.6
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.7
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.8
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.9
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.10
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.11
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.12
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.13
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.14
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.0.15
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.9.0
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.9.1
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.9.2
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version0.9.3
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.1.0
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.1.1
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.1.2
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.1.3
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.2.0
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.2.1
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version1.2.2
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version2.0.0
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version2.0.1
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version2.0.2
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version2.0.3
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
RedhatVsftpd Version2.0.4
   RedhatEnterprise Linux Version3.0
   RedhatEnterprise Linux Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.72% 0.884
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/31007
http://secunia.com/advisories/31223
http://secunia.com/advisories/32263
http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0217
http://www.openwall.com/lists/oss-security/2008/06/30/2
http://www.redhat.com/support/errata/RHSA-2008-0579.html
http://www.redhat.com/support/errata/RHSA-2008-0680.html
http://www.securityfocus.com/archive/1/494081/100/0/threaded
http://www.securityfocus.com/bid/30364
http://www.securitytracker.com/id?1020546
http://www.vupen.com/english/advisories/2008/2820
https://bugzilla.redhat.com/attachment.cgi?id=201051
Exploit
https://issues.rpath.com/browse/RPL-2640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10138