Lucene search

RedhatCVE-2008-2375

HistoryJul 09, 2008 - 12:41 a.m.

CVE-2008-2375

2008-07-0900:41:00

CWE-399

redhat

web.nvd.nist.gov

cve-2008-2375

memory leak

vsftpd

red hat enterprise linux

rhel

denial of service

vulnerability

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.3

Confidence

Low

EPSS

0.093

Percentile

94.8%

JSON

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch3.0

redhatenterprise_linuxMatch4.0

AND

redhatvsftpdMatch0.0.1

redhatvsftpdMatch0.0.2

redhatvsftpdMatch0.0.3

redhatvsftpdMatch0.0.4

redhatvsftpdMatch0.0.5

redhatvsftpdMatch0.0.6

redhatvsftpdMatch0.0.7

redhatvsftpdMatch0.0.8

redhatvsftpdMatch0.0.9

redhatvsftpdMatch0.0.10

redhatvsftpdMatch0.0.11

redhatvsftpdMatch0.0.12

redhatvsftpdMatch0.0.13

redhatvsftpdMatch0.0.14

redhatvsftpdMatch0.0.15

redhatvsftpdMatch0.9.0

redhatvsftpdMatch0.9.1

redhatvsftpdMatch0.9.2

redhatvsftpdMatch0.9.3

redhatvsftpdMatch1.1.0

redhatvsftpdMatch1.1.1

redhatvsftpdMatch1.1.2

redhatvsftpdMatch1.1.3

redhatvsftpdMatch1.2.0

redhatvsftpdMatch1.2.1

redhatvsftpdMatch1.2.2

redhatvsftpdMatch2.0.0

redhatvsftpdMatch2.0.1

redhatvsftpdMatch2.0.2

redhatvsftpdMatch2.0.3

redhatvsftpdMatch2.0.4

VendorProductVersionCPE
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
redhatenterprise_linux4.0cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
redhatvsftpd0.0.1cpe:2.3:a:redhat:vsftpd:0.0.1:*:*:*:*:*:*:*
redhatvsftpd0.0.2cpe:2.3:a:redhat:vsftpd:0.0.2:*:*:*:*:*:*:*
redhatvsftpd0.0.3cpe:2.3:a:redhat:vsftpd:0.0.3:*:*:*:*:*:*:*
redhatvsftpd0.0.4cpe:2.3:a:redhat:vsftpd:0.0.4:*:*:*:*:*:*:*
redhatvsftpd0.0.5cpe:2.3:a:redhat:vsftpd:0.0.5:*:*:*:*:*:*:*
redhatvsftpd0.0.6cpe:2.3:a:redhat:vsftpd:0.0.6:*:*:*:*:*:*:*
redhatvsftpd0.0.7cpe:2.3:a:redhat:vsftpd:0.0.7:*:*:*:*:*:*:*
redhatvsftpd0.0.8cpe:2.3:a:redhat:vsftpd:0.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0:::::::*
redhat	enterprise_linux	4.0	cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*
redhat	vsftpd	0.0.1	cpe:2.3:a:redhat:vsftpd:0.0.1:::::::*
redhat	vsftpd	0.0.2	cpe:2.3:a:redhat:vsftpd:0.0.2:::::::*
redhat	vsftpd	0.0.3	cpe:2.3:a:redhat:vsftpd:0.0.3:::::::*
redhat	vsftpd	0.0.4	cpe:2.3:a:redhat:vsftpd:0.0.4:::::::*
redhat	vsftpd	0.0.5	cpe:2.3:a:redhat:vsftpd:0.0.5:::::::*
redhat	vsftpd	0.0.6	cpe:2.3:a:redhat:vsftpd:0.0.6:::::::*
redhat	vsftpd	0.0.7	cpe:2.3:a:redhat:vsftpd:0.0.7:::::::*
redhat	vsftpd	0.0.8	cpe:2.3:a:redhat:vsftpd:0.0.8:::::::*