CVE-2011-0762
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/s3mPr1linux/CVE-2011-0762★ 0cve_referencewww.exploit-db.com/exploits/16270unverifiedexploitdbwww.exploit-db.com/exploits/16270unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changeloghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741http://cxib.net/stuff/vspoc232.chttp://jvn.jp/en/jp/JVN37417423/index.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://marc.info/?l=bugtraq&m=133226187115472&w=2http://securityreason.com/achievement_securityalert/95http://securityreason.com/securityalert/8109https://exchange.xforce.ibmcloud.com/vulnerabilities/65873