CVE-2008-2375

Description

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Software From Fixed in
redhat / vsftpd 0.0.1 0.0.1.x
redhat / vsftpd 0.0.10 0.0.10.x
redhat / vsftpd 0.0.11 0.0.11.x
redhat / vsftpd 0.0.12 0.0.12.x
redhat / vsftpd 0.0.13 0.0.13.x
redhat / vsftpd 0.0.14 0.0.14.x
redhat / vsftpd 0.0.15 0.0.15.x
redhat / vsftpd 0.0.2 0.0.2.x
redhat / vsftpd 0.0.3 0.0.3.x
redhat / vsftpd 0.0.4 0.0.4.x
redhat / vsftpd 0.0.5 0.0.5.x
redhat / vsftpd 0.0.6 0.0.6.x
redhat / vsftpd 0.0.7 0.0.7.x
redhat / vsftpd 0.0.8 0.0.8.x
redhat / vsftpd 0.0.9 0.0.9.x
redhat / vsftpd 0.9.0 0.9.0.x
redhat / vsftpd 0.9.1 0.9.1.x
redhat / vsftpd 0.9.2 0.9.2.x
redhat / vsftpd 0.9.3 0.9.3.x
redhat / vsftpd 1.1.0 1.1.0.x
redhat / vsftpd 1.1.1 1.1.1.x
redhat / vsftpd 1.1.2 1.1.2.x
redhat / vsftpd 1.1.3 1.1.3.x
redhat / vsftpd 1.2.0 1.2.0.x
redhat / vsftpd 1.2.1 1.2.1.x
redhat / vsftpd 1.2.2 1.2.2.x
redhat / vsftpd 2.0.0 2.0.0.x
redhat / vsftpd 2.0.1 2.0.1.x
redhat / vsftpd 2.0.2 2.0.2.x
redhat / vsftpd 2.0.3 2.0.3.x
redhat / vsftpd 2.0.4 2.0.4.x