CVE-2007-5962 – vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption
https://notcve.org/view.php?id=CVE-2007-5962
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option. Filtrado de memoria en cierto parche de Red Hat, aplicado a vsftpd 2.0.5 vsftpd 2.0.5 sobre Red Hat Enterprise Linux (RHEL) 5, Fedora 6 a la 8, Foresight Linux y aplicaciones rPath, permite a atacantes remotos provocar una denegación de servicio (Consumo de memoria) a través una un gran número de comandos CWD, como se ha demostrado mediante un ataque al demonio con la opción de configuración deny_file. • https://www.exploit-db.com/exploits/5814 https://www.exploit-db.com/exploits/31818 https://www.exploit-db.com/exploits/31819 https://github.com/antogit-sys/CVE-2007-5962 http://secunia.com/advisories/30341 http://secunia.com/advisories/30354 http://securitytracker.com/id?1020079 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185 http://www.openwall.com/lists/oss-security/2008/05/21/10 http://www.openwall.com/lists/oss-security/2008/05/21/12 http://www • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2007-2438 – vim-7 modeline security issue
https://notcve.org/view.php?id=CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. El sandbox para el vim permite funciones peligrosas como (1) writefile, (2) feedkeys, y (3) system, lo que permite a atacantes con la intervención del usuario la ejecución de comandos shell y escribir ficheros a través de modelines. • http://attrition.org/pipermail/vim/2007-May/001614.html http://marc.info/?l=vim-dev&m=117762581821298&w=2 http://marc.info/?l=vim-dev&m=117778983714029&w=2 http://osvdb.org/36250 http://secunia.com/advisories/25024 http://secunia.com/advisories/25159 http://secunia.com/advisories/25182 http://secunia.com/advisories/25255 http://secunia.com/advisories/25367 http://secunia.com/advisories/25432 http://secunia.com/advisories/26653 http://tech.groups.yahoo.com •