Scientific Linux Security Update : vsftpd on SL4.x, SL5.x, SL6.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

A flaw was discovered in the way vsftpd processed file name patterns.
An FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially crafted file name pattern. (CVE-2011-0762)

The vsftpd daemon must be restarted for this update to take effect.

See also :

http://www.nessus.org/u?2cee57f5

Solution :

Update the affected vsftpd package.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60986 ()

Bugtraq ID:

CVE ID: CVE-2011-0762