CVE-2007-5962

2008-05-2213:09:00

CWE-399

redhat

web.nvd.nist.gov

cve-2007-5962

memory leak

vsftpd

rhel 5

fedora 6

fedora 7

fedora 8

foresight linux

rpath

denial of service

cwd commands

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.2

Confidence

Low

EPSS

0.057

Percentile

93.4%

JSON

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch5.0

redhatfedoraMatch6

redhatfedoraMatch7

redhatfedoraMatch8

AND

foresight_linuxappliances

rpathappliance_platform_agent

VendorProductVersionCPE
redhatenterprise_linux5.0cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
redhatfedora6cpe:2.3:o:redhat:fedora:6:*:*:*:*:*:*:*
redhatfedora7cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
redhatfedora8cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
foresight_linuxappliances*cpe:2.3:h:foresight_linux:appliances:*:*:*:*:*:*:*:*
rpathappliance_platform_agent*cpe:2.3:h:rpath:appliance_platform_agent:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	5.0	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
redhat	fedora	6	cpe:2.3:o:redhat:fedora:6:::::::*
redhat	fedora	7	cpe:2.3:o:redhat:fedora:7:::::::*
redhat	fedora	8	cpe:2.3:o:redhat:fedora:8:::::::*
foresight_linux	appliances	*	cpe:2.3:h:foresight_linux:appliances::::::::
rpath	appliance_platform_agent	*	cpe:2.3:h:rpath:appliance_platform_agent::::::::