Main Vulnerability Database Exploits ID:9084 - Exploit for Denial of service in vsftpd - CVE-2011-0762

ID:9084 - Exploit for Denial of service in vsftpd - CVE-2011-0762

Published: May 30, 2023

Vulnerability identifier: #VU311

Vulnerability risk: Low

CVE-ID: CVE-2011-0762

CWE-ID: CWE-400

Exploitation vector: Remote access

Vulnerable software:
vsftpd

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/dos/ftp/vsftpd_232

Vulnerability description

The vulnerability allows a remote attacker to cause a denial of service (DoS) attack.

The vulnerability exists due to an error in vsf_filename_passes_filter() function in ls.c file, when parsing glob expressions in STAT commands. A remote authenticated attacker can consume a large amount of CPU resources by creating multiple FTP sessions and sending specially crafted STAT commands.

Successful exploitation of the vulnerability may result in denial of service attack of entire system.

Remediation

Install the latest version 2.3.3 from vendor's website.

ID:9084 - Exploit for Denial of service in vsftpd - CVE-2011-0762

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human