
CVSS: 7.1 | EPSS: 9% | CPEs: 33 | EXPL: 1

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

• http://secunia.com/advisories/31007
  http://secunia.com/advisories/31223
  http://secunia.com/advisories/32263
  http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm
  http://wiki.rpath.com/Advisories:rPSA-2008-0217
  http://www.openwall.com/lists/oss-security/2008/06/30/2
  http://www.redhat.com/support/errata/RHSA-2008-0579.html
  http://www.redhat.com/support/errata/RHSA-2008-0680.html
  http://www.securityfocus.com/archive/1/494081/100/0/threaded
  http://www.securityf
• CWE-399: Resource Management Errors
• CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 5.0 | EPSS: 18% | CPEs: 2 | EXPL: 0

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.

• ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-1.2.2/Changelog
  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119136
  http://rhn.redhat.com/errata/RHBA-2004-164.html
  http://secunia.com/advisories/11680
  http://secunia.com/advisories/11736
  http://www.osvdb.org/6306
  http://www.securityfocus.com/bid/10394
  https://exchange.xforce.ibmcloud.com/vulnerabilities/16222
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11049

CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.

• http://securitytracker.com/id?1008628