Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5962

CWE-399 | CWE-401 | Memory Leak | 10 documents | 7 sources
Severity: 7.1 HIGH
EPSS: 17.2% (top 4.99%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: May 22
Latest update: May 1

Description

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

CVSS vector

AV:N/AC:M/C:N/I:N/A:C
Exploitability: 8.6 | Impact: 6.9

Affected Packages: 0 packages

Also affects: Enterprise Linux 5.0, Fedora 6, 7, 8

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-67jj-2hgw-486p: Memory leak in a certain Red Hat patch, applied to vsftpd 2 | 2022-05-01
CVEList | CVE-2007-5962: Memory leak in a certain Red Hat patch, applied to vsftpd 2 | 2008-05-22

💥 Exploits & PoCs (3)

Exploit-DB | vsftpd 2.0.5 - 'CWD' (Authenticated) Remote Memory Consumption | 2008-06-14
Exploit-DB | vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (2) | 2008-05-21
Exploit-DB | vsftpd 2.0.5 - 'deny_file' Option Remote Denial of Service (1) | 2008-05-21

📋 Vendor Advisories (3)

Red Hat | vsftpd: memory leak when deny_file option is set | 2008-05-21
Debian | CVE-2007-5962: vsftpd - Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enter... | 2007
Red Hat | older vsftpd authentication memory leak | 2006-06-28

💬 Community (1)

Bugzilla | CVE-2007-5962 vsftpd: memory leak when deny_file option is set | 2007-11-23