vsftpd: Denial of Service — GLSA 201110-07

A Denial of Service vulnerability was found in vsftpd.

Affected Packages

net-ftp/vsftpd on all architectures
Affected versions < 2.3.4
Unaffected versions >= 2.3.4

Background

vsftpd is a very secure FTP daemon written with speed, size and security in mind.

Description

A Denial of Service vulnerability was discovered in vsftpd. Please review the CVE identifier referenced below for details.

Impact

A remote authenticated attacker could cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All vsftpd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-ftp/vsftpd-2.3.4"
 

References

Release Date
October 10, 2011

Latest Revision
October 10, 2011: 1

Severity
normal

Exploitable
remote

Bugzilla entries