MidnightBSD

Advisories for vsftpd_project

CVE-2011-0762 MEDIUM

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
vsftpd_project vsftpd *
fedoraproject fedora 14
debian debian_linux 5.0
fedoraproject fedora 13
opensuse opensuse 11.2
debian debian_linux 7.0
fedoraproject fedora 15
suse linux_enterprise_server 11
debian debian_linux 6.0
canonical ubuntu_linux 9.10
canonical ubuntu_linux 10.10
suse linux_enterprise_server 10
canonical ubuntu_linux 6.06
opensuse opensuse 11.3
canonical ubuntu_linux 10.04
canonical ubuntu_linux 8.04
opensuse opensuse 11.4
suse linux_enterprise_server 9
CVE-2015-1419 MEDIUM

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vsftpd_project vsftpd *
opensuse opensuse 13.2
opensuse opensuse 13.1
CVE-2021-30047

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
vsftpd_project vsftpd 3.0.3
CVE-2021-3618 MEDIUM

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
sendmail sendmail *
vsftpd_project vsftpd *
fedoraproject fedora 35
fedoraproject fedora 34
f5 nginx *
debian debian_linux 10.0
fedoraproject fedora 33