Scientific Linux: Important vsftpd Security Update for CPU Overload

Mar 10, 2011 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory important vsftpd scientific linux process threat

Important: vsftpd security update

Date: Thu, 10 Mar 2011 13:15:46 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Important: vsftpd on SL4.x, SL5.x,
 SL6.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Synopsis:	Important: vsftpd security update
Issue date:	2011-03-09
CVE Names:	CVE-2011-0762

A flaw was discovered in the way vsftpd processed file name patterns. An
FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially-crafted file name pattern. (CVE-2011-0762)

The vsftpd daemon must be restarted for this update to take effect.

SL 4.x

 SRPMS:
vsftpd-2.0.1-9.el4.src.rpm
 i386:
vsftpd-2.0.1-9.el4.i386.rpm
 x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm

SL 5.x

 SRPMS:
vsftpd-2.0.5-16.el5_6.1.src.rpm
 i386:
vsftpd-2.0.5-16.el5_6.1.i386.rpm
 x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm

SL 6.x

 SRPMS:
vsftpd-2.2.2-6.el6_0.1.src.rpm
 i386:
vsftpd-2.2.2-6.el6_0.1.i686.rpm
 x86_64:
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here