Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0337

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69218

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:0337

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:0337.

vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP
server for Linux, UNIX, and similar operating systems.

A flaw was discovered in the way vsftpd processed file name patterns. An
FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially-crafted file name pattern. (CVE-2011-0762)

All vsftpd users should upgrade to this updated package, which contains a
backported patch to correct this issue. The vsftpd daemon must be restarted
for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0337.html

Risk factor : Medium

CVSS Score:
4.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0762
BugTraq ID: 46617
http://www.securityfocus.com/bid/46617
Bugtraq: 20110301 vsftpd 2.3.2 remote denial-of-service (Google Search)
http://www.securityfocus.com/archive/1/516748/100/0/threaded
CERT/CC vulnerability note: VU#590604
http://www.kb.cert.org/vuls/id/590604
Debian Security Information: DSA-2305 (Google Search)
http://www.debian.org/security/2011/dsa-2305
http://www.exploit-db.com/exploits/16270
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://jvn.jp/en/jp/JVN37417423/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:049
http://cxib.net/stuff/vspoc232.c
http://www.redhat.com/support/errata/RHSA-2011-0337.html
http://www.securitytracker.com/id?1025186
http://securityreason.com/securityalert/8109
http://securityreason.com/achievement_securityalert/95
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.ubuntu.com/usn/USN-1098-1
http://www.vupen.com/english/advisories/2011/0547
http://www.vupen.com/english/advisories/2011/0639
http://www.vupen.com/english/advisories/2011/0668
http://www.vupen.com/english/advisories/2011/0713
XForce ISS Database: vsftpd-vsffilenamepassesfilter-dos(65873)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65873

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69218
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0337
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0337. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted file name pattern. (CVE-2011-0762) All vsftpd users should upgrade to this updated package, which contains a backported patch to correct this issue. The vsftpd daemon must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0337.html Risk factor : Medium CVSS Score: 4.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0762 BugTraq ID: 46617 http://www.securityfocus.com/bid/46617 Bugtraq: 20110301 vsftpd 2.3.2 remote denial-of-service (Google Search) http://www.securityfocus.com/archive/1/516748/100/0/threaded CERT/CC vulnerability note: VU#590604 http://www.kb.cert.org/vuls/id/590604 Debian Security Information: DSA-2305 (Google Search) http://www.debian.org/security/2011/dsa-2305 http://www.exploit-db.com/exploits/16270 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055957.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055882.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055881.html HPdes Security Advisory: HPSBMU02752 http://marc.info/?l=bugtraq&m=133226187115472&w=2 HPdes Security Advisory: SSRT100802 http://jvn.jp/en/jp/JVN37417423/index.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:049 http://cxib.net/stuff/vspoc232.c http://www.redhat.com/support/errata/RHSA-2011-0337.html http://www.securitytracker.com/id?1025186 http://securityreason.com/securityalert/8109 http://securityreason.com/achievement_securityalert/95 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.ubuntu.com/usn/USN-1098-1 http://www.vupen.com/english/advisories/2011/0547 http://www.vupen.com/english/advisories/2011/0639 http://www.vupen.com/english/advisories/2011/0668 http://www.vupen.com/english/advisories/2011/0713 XForce ISS Database: vsftpd-vsffilenamepassesfilter-dos(65873) https://exchange.xforce.ibmcloud.com/vulnerabilities/65873
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com