CVE-2004-2259
Published: 2004-12-31
Priority: P4 · 13 · Severity: medium · Score: 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.07% (79.1th percentile)
vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beasts | vsftpd | — | — |
| beasts | vsftpd | — | — |
| debian | vsftpd | < vsftpd 2.0.1-1 (bookworm) | vsftpd 2.0.1-1 (bookworm) |
| vsftpd_project | vsftpd | >= 0 < 2.0.1-1 | 2.0.1-1 |
| vsftpd_project | vsftpd | >= 0 < 2.0.1-1 | 2.0.1-1 |
| vsftpd_project | vsftpd | >= 0 < 2.0.1-1 | 2.0.1-1 |
| vsftpd_project | vsftpd | >= 0 < 2.0.1-1 | 2.0.1-1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
GHSA: GHSA-5vjh-22qr-j29m [MEDIUM] · ghsa_unreviewed · 2022-05-03
OSV: CVE-2004-2259 [MEDIUM] · osv · 2004-12-31 · CVSS 5.0
Red Hat: security flaw [MEDIUM] · vendor_redhat · 2004-03-25 · CVSS 5.0
Debian: CVE-2004-2259 (vsftpd) [MEDIUM] · vendor_debian · 2004 · CVSS 5.0
Scope: local
bookworm: resolved (fixed in 2.0.1-1)
bullseye: resolved (fixed in 2.0.1-1)
forky: resolved (fixed in 2.0.1-1)
sid: resolved (fixed in 2.0.1-1)
trixie: resolved (fixed in 2.0.1-1)
No detection rules found.
No public exploits indexed.
CWE-364: Signal Handler Race Condition (mitre_cwe)
The product uses a signal handler that introduces a race condition.
Race conditions frequently occur in signal handlers, since signal handlers support asynchronous actions. These race conditions have a variety of root causes and symptoms. Attackers may be able to exploit a signal handler race condition to cause the product state to be corrupted, possibly leading to a denial of service or even code execution. These issues occur when non-reentrant functions, or state-sensitive actions occur in the signal handler, where they may be called at any time. These behaviors can violate assumptions being made by the "regular" code that is interrupted, or by other signal handlers that may also be invoked. If these functions are called at an inopportune moment -
CWE-479: Signal Handler Use of a Non-reentrant Function (mitre_cwe)
The product defines a signal handler that calls a non-reentrant function.
Non-reentrant functions are functions that cannot safely be called, interrupted, and then recalled before the first call has finished without resulting in memory corruption. This can lead to an unexpected system state and unpredictable results with a variety of potential consequences depending on context, including denial of service and code execution. Many functions are not reentrant, but some of them can result in the corruption of memory if they are used in a signal handler. The function call syslog() is an example of this. In order to perform its functionality, it allocates a small amount of memory as "scratch space." If syslog() is suspended by a signal c
CWE-663: Use of a Non-reentrant Function in a Concurrent Context (mitre_cwe · CVSS 3.7 · LOW)
The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.
Modes of Introduction: Phase: Implementation
Common Consequences: Scope: Integrity, Confidentiality, Other. Impact: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic.
Detection Methods: Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building
CWE-828: Signal Handler with Functionality that is not Asynchronous-Safe (mitre_cwe)
The product defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted.
This can lead to an unexpected system state with a variety of potential consequences depending on context, including denial of service and code execution. Signal handlers are typically intended to interrupt normal functionality of a program, or even other signals, in order to notify the process of an event. When a signal handler uses global or static variables, or invokes functions that ultimately depend on such state or its associated metadata, then it could corrupt system state that is being used by normal functionality. This could subject the program
References
- ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-1.2.2/Changelog
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119136
- http://rhn.redhat.com/errata/RHBA-2004-164.html
- http://secunia.com/advisories/11680
- http://secunia.com/advisories/11736
- http://www.osvdb.org/6306
- http://www.securityfocus.com/bid/10394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16222
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11049