Denial of Service Vulnerability in vsftpd FTP Server by Versatile Systems, Inc.
CVE-2011-0762

Currently unrated

Key Information:

CVE Published: 2 March 2011

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 45%

What is CVE-2011-0762?

The vsftpd FTP server, version 2.3.2 and earlier, is vulnerable to a denial of service attack. The vulnerability allows remote authenticated users to exhaust CPU resources and process slots by sending carefully constructed glob expressions via the STAT command, potentially leading to service disruption. When multiple FTP sessions are exploited simultaneously, the server may become unresponsive, affecting legitimate users and operational efficiency. Users of affected versions should apply updates or patches to mitigate this issue.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
