Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CentOS Update for vsftpd CESA-2008:0579 centos3 x86_64
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of vsftpd
Insight
Insight
vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems. The version of vsftpd as shipped in Red Hat Enterprise Linux 3 when used in combination with Pluggable Authentication Modules (PAM) had a memory leak on an invalid authentication attempt. Since vsftpd prior to version 2.0.5 allows any number of invalid attempts on the same connection this memory leak could lead to an eventual DoS. (CVE-2008-2375) This update mitigates this security issue by including a backported patch which terminates a session after a given number of failed log in attempts. The default number of attempts is 3 and this can be configured using the " max_login_fails" directive. All vsftpd users should upgrade to this updated package, which addresses this vulnerability.
Affected Software
Affected Software
vsftpd on CentOS 3
Solution
Solution
Please Install the Updated Packages.