Mandriva Linux Security Advisory : vsftpd (MDVSA-2011:049)
Medium Nessus Plugin ID 52747
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability was discovered and corrected in vsftpd :
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632 (CVE-2011-0762).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
SolutionUpdate the affected vsftpd package.