CVE-2011-0762

NameCVE-2011-0762
DescriptionThe vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2305-1
NVD severitymedium (attack range: remote)
Debian Bugs622741
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vsftpd (PTS)squeeze, squeeze (security)2.3.2-3+squeeze2fixed
wheezy2.3.5-3fixed
jessie3.0.2-17fixed
stretch, sid3.0.2-19fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vsftpdsource(unstable)2.3.4-1medium622741
vsftpdsourcelenny2.0.7-1+lenny1medium
vsftpdsourcesqueeze2.3.2-3+squeeze2medium

Search for package or bug name: Reporting problems