The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of vsftpd

computer vulnerability note CVE-2015-1419

vsftpd: bypassing deny_hosts

Synthesis of the vulnerability

An attacker can bypass the deny_hosts directive of vsftpd, in order to access forbidden files.
Impacted products: openSUSE, SUSE Linux Enterprise Desktop, SLES, vsftpd.
Severity: 2/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: internet client.
Creation date: 03/02/2015.
Identifiers: 915522, CVE-2015-1419, openSUSE-SU-2015:0079-1, openSUSE-SU-2015:0428-1, SUSE-SU-2015:0136-1, VIGILANCE-VUL-16099.

Description of the vulnerability

The deny_file directive of the vsftpd.conf file is used to restrict access to a file. For example "deny_file=/home/*".

However, using for example the syntax "/./home/", an attacker can access files located under "/home".

An attacker can therefore bypass the deny_hosts directive of vsftpd, in order to access forbidden files.
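The matching flaw described above, as an added example (not vsftpd's code and not part of the bulletin): a filter that tests the client-supplied path string misses equivalent spellings such as "/./home/", while one that canonicalises the path first does not. Python's fnmatch stands in for vsftpd's own pattern matcher, and the function names and sample paths are constructed for illustration.

```python
import fnmatch
import posixpath

# Pattern taken from the bulletin's example: deny_file=/home/*
DENY_PATTERN = "/home/*"


def naive_is_denied(requested, pattern=DENY_PATTERN):
    """Flawed check: match the path exactly as the client spelled it."""
    return fnmatch.fnmatchcase(requested, pattern)


def canonical(requested, cwd="/"):
    """Resolve against the session's working directory, then collapse
    '.', '..' and repeated slashes (lexical only, no symlink lookup)."""
    norm = posixpath.normpath(posixpath.join(cwd, requested))
    # POSIX allows normpath to keep exactly two leading slashes; fold them.
    if norm.startswith("//"):
        norm = "/" + norm.lstrip("/")
    return norm


def hardened_is_denied(requested, cwd="/", pattern=DENY_PATTERN):
    """Corrected check: match the canonical path, not the raw string."""
    return fnmatch.fnmatchcase(canonical(requested, cwd), pattern)


# Constructed sample requests: (path sent by client, session cwd)
SAMPLES = [
    ("/home/alice/notes.txt", "/"),       # plain form
    ("/./home/alice/notes.txt", "/"),     # the spelling from the bulletin
    ("//home/alice/notes.txt", "/"),      # doubled slash
    ("../home/alice/notes.txt", "/srv"),  # relative, climbs out of cwd
    ("/srv/pub/readme.txt", "/"),         # outside the denied tree
]


def compare():
    """Return (request, naive verdict, hardened verdict) for each sample."""
    return [(p, naive_is_denied(p), hardened_is_denied(p, cwd))
            for p, cwd in SAMPLES]


if __name__ == "__main__":
    for path, naive, hardened in compare():
        print(f"{path:28} naive={naive!s:5} hardened={hardened}")
```

The normalisation here is purely lexical and does not resolve symbolic links, so filesystem permissions remain the control to rely on for files that must stay unreadable.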

vulnerability announce 11192

vsftpd: buffer overflow via TimeZone

Synthesis of the vulnerability

An attacker can use a glibc vulnerability, in order to create a buffer overflow inside a chroot jail of vsftpd.
Impacted products: Slackware, vsftpd.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 05/12/2011.
Identifiers: BID-51013, SSA:2012-041-05, VIGILANCE-VUL-11192.

Description of the vulnerability

The VIGILANCE-VUL-11191 bulletin describes a glibc vulnerability: an attacker can create a malicious TimeZone file, in order to execute code in an application linked to glibc.

The vsftpd daemon can be compiled with a vulnerable version of glibc. In this case, in order to exploit the above vulnerability, the attacker has to create a malicious /home/ftp/usr/share/zoneinfo/UTC-01:00 file located in the /home/ftp chroot, and can then query timing information, for example via the FTP LIST command. The vsftpd daemon then loads the TimeZone /usr/share/zoneinfo/UTC-01:00 file, which is the malicious file located in the chroot jail. A buffer overflow then occurs, and can lead to code execution inside the jail.

An attacker can therefore use a glibc vulnerability, in order to create a buffer overflow inside a chroot jail of vsftpd. A kernel vulnerability could then be used to escape from the jail.

computer vulnerability CVE-2011-2523

vsftpd: backdoor in version 2.3.4

Synthesis of the vulnerability

A backdoor was added in the source code of vsftpd 2.3.4.
Impacted products: vsftpd.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 04/07/2011.
Revision date: 05/07/2011.
Identifiers: BID-48539, CVE-2011-2523, VIGILANCE-VUL-10805.

Description of the vulnerability

The source code of the FTP vsftpd server is hosted on the vsftpd.beasts.org site.

However, between the 30th of June 2011 and the 3rd of July 2011, a backdoor was added in the source code. This backdoor detects if the login starts with ":)", and then opens a shell on port 6200/tcp.

A remote attacker can therefore use this backdoor, in order to access the system.

computer vulnerability CVE-2011-0762

vsftpd: denial of service via a pattern

Synthesis of the vulnerability

An attacker can use a special file name, in order to force vsftpd to consume a lot of processor resources.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, SLES, vsftpd.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 16/02/2011.
Revision date: 01/03/2011.
Identifiers: BID-46617, CVE-2011-0762, DSA-2305-1, FEDORA-2011-2590, FEDORA-2011-2615, MDVSA-2011:049, openSUSE-SU-2011:0435-1, RHSA-2011:0337-01, SUSE-SR:2011:009, VIGILANCE-VUL-10375, VU#590604.

Description of the vulnerability

A vsftpd client can use a regular expression in order to search for a filename. For example:
  LIST file*.txt

However, this regular expression can be constructed to trigger deep recursion. For example:
  LIST {{*},...}
  LIST {{*},{{*},...}}
  LIST {{*},{{*},{{*},...}}}
  etc.

An attacker can therefore use a special file name, in order to force vsftpd to consume a lot of processor resources.

This vulnerability is different from VIGILANCE-VUL-10010.

computer vulnerability note CVE-2009-4457

Vsftpd Webmin Module: vulnerability

Synthesis of the vulnerability

A vulnerability was announced in the Vsftpd module for Webmin.
Impacted products: vsftpd, Webmin.
Severity: 1/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 30/12/2009.
Identifiers: BID-41443, CVE-2009-4457, VIGILANCE-VUL-9319.

Description of the vulnerability

The Vsftpd module for Webmin is used to administer the FTP site via a web interface.

A vulnerability was announced in the Vsftpd module for Webmin.

vulnerability alert CVE-2008-2375

vsftpd: denial of service during authentication

Synthesis of the vulnerability

A remote attacker can try several authentications in order to create a denial of service.
Impacted products: NLD, OES, RHEL, SLES, vsftpd.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 25/07/2008.
Identifiers: 197141, BID-30364, CVE-2008-2375, RHSA-2008:0579-01, RHSA-2008:0680-01, VIGILANCE-VUL-7971.

Description of the vulnerability

Before version 2.0.5, the vsftpd FTP server did not limit the number of authentication attempts.

During authentication a memory area is not freed. An attacker can therefore try several authentications in the same FTP session in order to use all the memory of the process. Technical details are not known.

A remote attacker can therefore try several authentications in order to create a denial of service.

computer vulnerability note CVE-2003-0135

Missing tcp_wrappers support in vsftpd

Synthesis of the vulnerability

The vsftpd daemon shipped with some versions of Red Hat Linux 9 is not compiled with tcp_wrappers support.
Impacted products: RedHat Linux, vsftpd.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet server.
Creation date: 02/04/2003.
Identifiers: BID-7253, CVE-2003-0135, RHSA-2003:084, V6-LINUXVSFTPDTCPWRAPPER, VIGILANCE-VUL-3429.

Description of the vulnerability

The vsftpd (Very Secure FTPd) FTP server implements the FTP protocol with performance and security as its goals. It therefore contains few features. Thus, when the administrator wants to filter clients, vsftpd has to be used with xinetd or tcp_wrapper.

However, the vsftpd package of some versions of Red Hat Linux 9 is not compiled with tcp_wrapper support. The rules set up by the administrator are therefore not applied.

This vulnerability allows an attacker to connect to the server even though their IP address may be configured to be blocked.