Paketname
vsftpd
Datum
2011-03-21
Advisory ID
MDVSA-2011:049
Betroffene Versionen
2009.0 x86_64 , 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.0 i586 , 2010.1 x86_64

Problembeschreibung

A vulnerability was discovered and corrected in vsftpd:

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3
allows remote authenticated users to cause a denial of service (CPU
consumption and process slot exhaustion) via crafted glob expressions
in STAT commands in multiple FTP sessions, a different vulnerability
than CVE-2010-2632 (CVE-2011-0762).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2009.0 x86_64

 c06224a723b0962125971c3a0b78f60f  2009.0/x86_64/vsftpd-2.0.7-1.1mdv2009.0.x86_64.rpm 
 6797692c31d8510670e6ca9549b788f5  2009.0/SRPMS/vsftpd-2.0.7-1.1mdv2009.0.src.rpm

2010.0 x86_64

 37e329f1af12df81afd238576ded9dd6  2010.0/x86_64/vsftpd-2.1.2-2.1mdv2010.0.x86_64.rpm 
 49fe47a2d746a315d9d48dbf6f81ac28  2010.0/SRPMS/vsftpd-2.1.2-2.1mdv2010.0.src.rpm

2010.1 i586

 7a0693ee7b212c39a16866120f6da209  2010.1/i586/vsftpd-2.2.2-4.1mdv2010.2.i586.rpm 
 94d699ea3f2def51b14873e5563afa48  2010.1/SRPMS/vsftpd-2.2.2-4.1mdv2010.2.src.rpm

2010.0 i586

 b28e1d800220a07367d27731ec59b6aa  2010.0/i586/vsftpd-2.1.2-2.1mdv2010.0.i586.rpm 
 49fe47a2d746a315d9d48dbf6f81ac28  2010.0/SRPMS/vsftpd-2.1.2-2.1mdv2010.0.src.rpm

2009.0 i586

 af75c955fe2f0066443dd066c92e5934  2009.0/i586/vsftpd-2.0.7-1.1mdv2009.0.i586.rpm 
 6797692c31d8510670e6ca9549b788f5  2009.0/SRPMS/vsftpd-2.0.7-1.1mdv2009.0.src.rpm

2010.1 x86_64

 18bbb78b80cb91e5a3f4d4db4d661693  2010.1/x86_64/vsftpd-2.2.2-4.1mdv2010.2.x86_64.rpm 
 94d699ea3f2def51b14873e5563afa48  2010.1/SRPMS/vsftpd-2.2.2-4.1mdv2010.2.src.rpm

Referenzen