This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
The version of vsftpd as shipped in Scientific Linux 3 when used in
combination with Pluggable Authentication Modules (PAM) had a memory
leak on an invalid authentication attempt. Since vsftpd prior to
version 2.0.5 allows any number of invalid attempts on the same
connection this memory leak could lead to an eventual DoS.
This update mitigates this security issue by including a backported
patch which terminates a session after a given number of failed log in
attempts. The default number of attempts is 3 and this can be
configured using the 'max_login_fails' directive.
See also :
Update the affected vsftpd package.
Risk factor :
High / CVSS Base Score : 7.1