MDVSA-2011:049
- Package name: vsftpd
- Date: 2011-03-21
- Advisory ID: MDVSA-2011:049
- Affected versions: 2009.0 x86_64, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.0 i586, 2010.1 x86_64

Problem description

A vulnerability was discovered and corrected in vsftpd:

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3
allows remote authenticated users to cause a denial of service (CPU
consumption and process slot exhaustion) via crafted glob expressions
in STAT commands in multiple FTP sessions, a different vulnerability
than CVE-2010-2632 (CVE-2011-0762).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64
c06224a723b0962125971c3a0b78f60f 2009.0/x86_64/vsftpd-2.0.7-1.1mdv2009.0.x86_64.rpm
6797692c31d8510670e6ca9549b788f5 2009.0/SRPMS/vsftpd-2.0.7-1.1mdv2009.0.src.rpm

2010.0 x86_64
37e329f1af12df81afd238576ded9dd6 2010.0/x86_64/vsftpd-2.1.2-2.1mdv2010.0.x86_64.rpm
49fe47a2d746a315d9d48dbf6f81ac28 2010.0/SRPMS/vsftpd-2.1.2-2.1mdv2010.0.src.rpm

2010.1 i586
7a0693ee7b212c39a16866120f6da209 2010.1/i586/vsftpd-2.2.2-4.1mdv2010.2.i586.rpm
94d699ea3f2def51b14873e5563afa48 2010.1/SRPMS/vsftpd-2.2.2-4.1mdv2010.2.src.rpm

2010.0 i586
b28e1d800220a07367d27731ec59b6aa 2010.0/i586/vsftpd-2.1.2-2.1mdv2010.0.i586.rpm
49fe47a2d746a315d9d48dbf6f81ac28 2010.0/SRPMS/vsftpd-2.1.2-2.1mdv2010.0.src.rpm

2009.0 i586
af75c955fe2f0066443dd066c92e5934 2009.0/i586/vsftpd-2.0.7-1.1mdv2009.0.i586.rpm
6797692c31d8510670e6ca9549b788f5 2009.0/SRPMS/vsftpd-2.0.7-1.1mdv2009.0.src.rpm

2010.1 x86_64
18bbb78b80cb91e5a3f4d4db4d661693 2010.1/x86_64/vsftpd-2.2.2-4.1mdv2010.2.x86_64.rpm
94d699ea3f2def51b14873e5563afa48 2010.1/SRPMS/vsftpd-2.2.2-4.1mdv2010.2.src.rpm
