Test ID: | |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2008:0579 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2008:0579.

vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems.

The version of vsftpd as shipped in Red Hat Enterprise Linux 3 when used in combination with Pluggable Authentication Modules (PAM) had a memory leak on an invalid authentication attempt. Since vsftpd prior to version 2.0.5 allows any number of invalid attempts on the same connection this memory leak could lead to an eventual DoS. (CVE-2008-2375)

This update mitigates this security issue by including a backported patch which terminates a session after a given number of failed log in attempts. The default number of attempts is 3 and this can be configured using the max_login_fails directive.

All vsftpd users should upgrade to this updated package, which addresses this vulnerability.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0579.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor: High
CVSS Score: 7.1 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-2375
BugTraq ID: 30364
http://www.securityfocus.com/bid/30364
Bugtraq: 20080708 rPSA-2008-0217-1 vsftpd
http://www.securityfocus.com/archive/1/494081/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/06/30/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10138
http://www.redhat.com/support/errata/RHSA-2008-0579.html
http://www.redhat.com/support/errata/RHSA-2008-0680.html
http://www.securitytracker.com/id?1020546
http://secunia.com/advisories/31007
http://secunia.com/advisories/31223
http://secunia.com/advisories/32263
http://www.vupen.com/english/advisories/2008/2820 |
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |