Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-5962

Disclosure Date: May 22, 2008
CVE-2007-5962
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • foresight linux,
  • redhat,
  • rpath

Products

  • appliance platform agent,
  • appliances,
  • enterprise linux 5.0,
  • fedora 6,
  • fedora 7,
  • fedora 8

References

Canonical
CVE-2007-5962 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5962)
BID-29322 (http://www.securityfocus.com/bid/29322)
Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185
FEDORA-2008-4347 (https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html)
SECUNIA-30341 (http://secunia.com/advisories/30341)
EXPLOIT-DB-5814 (https://www.exploit-db.com/exploits/5814)
SECUNIA-30354 (http://secunia.com/advisories/30354)
http://www.redhat.com/support/errata/RHSA-2008-0295.html
FEDORA-2008-4362 (https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html)
[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) (http://www.openwall.com/lists/oss-security/2008/05/21/10)
https://bugzilla.redhat.com/show_bug.cgi?id=397011
XF-vsftpd-denyfile-dos(42593) (https://exchange.xforce.ibmcloud.com/vulnerabilities/42593)
FEDORA-2008-4373 (https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html)
ADV-2008-1600 (http://www.vupen.com/english/advisories/2008/1600)
[oss-security] 20080521 Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) (http://www.openwall.com/lists/oss-security/2008/05/21/12)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850
[oss-security] 20080521 vsftpd CVE-2007-5962 (Red Hat / Fedora specific) (http://www.openwall.com/lists/oss-security/2008/05/21/8)
20080606 rPSA-2008-0185-1 vsftpd (http://www.securityfocus.com/archive/1/493167/100/0/threaded)
SECTRACK-1020079 (http://securitytracker.com/id?1020079)
Miscellaneous
https://access.redhat.com/errata/RHSA-2008:0295
https://access.redhat.com/security/cve/CVE-2007-5962

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis