CVSS: 7.1EPSS: 9%CPEs: 33EXPL: 1CVE-2008-2375 – older vsftpd authentication memory leak
https://notcve.org/view.php?id=CVE-2008-2375
Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. Fuga de memoria en cierta implementación de Red Hat de vsftpd anterior a 2.0.5 en Red Hat Enterprise Linux (RHEL) 3 y 4, cuando se utiliza PAM, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante un gran número de intentos de autenticación no válidos en la misma sesión. Se trata de una vulnerabilidad diferente de CVE-2007-5962. • http://secunia.com/advisories/31007 http://secunia.com/advisories/31223 http://secunia.com/advisories/32263 http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm http://wiki.rpath.com/Advisories:rPSA-2008-0217 http://www.openwall.com/lists/oss-security/2008/06/30/2 http://www.redhat.com/support/errata/RHSA-2008-0579.html http://www.redhat.com/support/errata/RHSA-2008-0680.html http://www.securityfocus.com/archive/1/494081/100/0/threaded http://www.securityf • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •