#VU311 Denial of service in vsftpd - CVE-2011-0762

Cybersecurity Help s.r.o.

Published: 2016-08-15 | Updated: 2023-05-30

Vulnerability identifier: #VU311

Vulnerability risk: Low

CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2011-0762

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
vsftpd
Server applications / File servers (FTP/HTTP)

Vendor: vsftpd

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) attack.

The vulnerability exists due to an error in vsf_filename_passes_filter() function in ls.c file, when parsing glob expressions in STAT commands. A remote authenticated attacker can consume a large amount of CPU resources by creating multiple FTP sessions and sending specially crafted STAT commands.

Successful exploitation of the vulnerability may result in denial of service attack of entire system.

Mitigation
Install the latest version 2.3.3 from vendor's website.

Vulnerable software versions

vsftpd: 0.0.1 - 2.3.2

External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
https://www.exploit-db.com/exploits/16270/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Ubuntu update for vsftpd

Gentoo update for vsftpd

Red Hat update for vsftpd

Denial of service in vsftpd