CVE-2008-2375

Severity CVSS v4.0:
Pending analysis
Type:
CWE-399 Resource Management Errors
Publication date:
09/07/2008
Last modified:
09/04/2025

Description

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:vsftpd:0.0.13:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools