Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0762

CWE-400 — Uncontrolled Resource Consumption11 documents10 sources

Severity

4.0MEDIUM

EPSS

45.3%

top 2.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vsftpd Project Vsftpd Canonical Ubuntu Linux Debian Debian Linux +3 more

Timeline

PublishedMar 2

Latest updateMay 17

Description

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶NVDvsftpd_project/vsftpd< 2.3.3

▶Debianvsftpd< 2.3.4-1+3

▶NVDopensuse/opensuse11.2, 11.3, 11.4+2

▶NVDsuse/linux_enterprise_server10, 11, 9+2

Also affects: Debian Linux 5.0, 6.0, 7.0, Fedora 13, 14, 15, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-jh3r-4mfv-pjv8: The vsf_filename_passes_filter function in ls↗2022-05-17

▶

OSV

CVE-2011-0762: The vsf_filename_passes_filter function in ls↗2011-03-02

▶

CVEList

CVE-2011-0762: The vsf_filename_passes_filter function in ls↗2011-03-02

▶

💥Exploits & PoCs

Exploit-DB

vsftpd 2.3.2 - Denial of Service↗2011-03-02

▶

Nuclei

vsftpd < 2.3.3 - DoS

▶

📋Vendor Advisories

Ubuntu

vsftpd vulnerability↗2011-03-29

▶

Red Hat

vsftpd: remote DoS via crafted glob pattern↗2011-03-01

▶

Debian

CVE-2011-0762: vsftpd - The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows re...↗2011

▶

💬Community

Bugzilla

CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern [fedora-all]↗2011-03-03

▶

Bugzilla

CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern↗2011-03-02

▶