7.1

CVE-2008-2375

Exploit

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Data provided by the National Vulnerability Database (NVD)
Redhat Vsftpd Version 0.0.1
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.2
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.3
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.4
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.5
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.6
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.7
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.8
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.9
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.10
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.11
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.12
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.13
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.14
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.0.15
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.9.0
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.9.1
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.9.2
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 0.9.3
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.1.0
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.1.1
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.1.2
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.1.3
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.2.0
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.2.1
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 1.2.2
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 2.0.0
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 2.0.1
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 2.0.2
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 2.0.3
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
Redhat Vsftpd Version 2.0.4
   Redhat Enterprise Linux Version 3.0
   Redhat Enterprise Linux Version 4.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 3.72% | 0.868
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.1 | 8.6 | 6.9 | AV:N/AC:M/Au:N/C:N/I:N/A:C