id: CVE-2011-0762

info:
  name: vsftpd < 2.3.3 - DoS
  author: pussycat0x
  severity: medium
  description: |
    The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
  impact: |
    Authenticated attackers can send crafted glob expressions in STAT commands across multiple FTP sessions to cause CPU consumption and process slot exhaustion, leading to denial of service on vsftpd servers.
  remediation: |
    Update vsftpd to version 2.3.3 or later that properly handles glob expressions in STAT commands and prevents resource exhaustion attacks.
  reference:
    - ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622741
    - http://cxib.net/stuff/vspoc232.c
    - http://jvn.jp/en/jp/JVN37417423/index.html
    - http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
    cvss-score: 4
    cve-id: CVE-2011-0762
    cwe-id: CWE-400
    epss-score: 0.45278
    epss-percentile: 0.97665
    cpe: cpe:2.3:a:vsftpd_project:vsftpd:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: vsftpd_project
    product: vsftpd
    shodan-query:
      - vsftpd
      - product:"vsftpd"
  tags: cve,cve2011,network,ftp,vsftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024
    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'vsFTPd')"
          - "compare_versions(version, '< 2.3.3')"
        condition: and
    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "vsFTPd ([0-9.]+)"
# digest: 4b0a00483046022100b34e437e6c1ba13f0faf3ed8b2baa2225b4c569b074eb85c0fe18936570f945c0221008c4a738ea3580624e4a2d1a3f649a0b87b7b976b6be87c4b29f4d546823086a0:922c64590222798bb761d5b6d8e72950