Advisories:rPSA-2008-0185

From rPath Wiki

rPath Security Advisory 2008-0185-1

Published: 2008-06-05

Products

• rPath Linux 2

Rating

Minor

Exposure Level Classification

Remote Non-deterministic Denial of Service

Updated Versions

• vsftpd=conary.rpath.com@rpl:2/2.0.6-2-0.1

rPath Issue Tracking System

• RPL-2562

References

• CVE-2007-5962

Description

Previous versions of the vsftpd package are vulnerable to a Denial

of Service attack in which remote attackers may be able to trigger

excessive memory consumption by issuing a large number of commands.

vsftpd is not installed by default on rPath Linux 2 systems, and the

default vsftpd.conf file provided with vsftpd does not establish a

vulnerable configuration; therefore only systems customized to include

and reconfigure vsftpd may be vulnerable.

Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html