Issued:
2011-03-09
Updated:
2011-03-09

RHSA-2011:0337 - Security Advisory

Synopsis

Important: vsftpd security update

Type/Severity

Security Advisory: Important

Topic

An updated vsftpd package that fixes one security issue is now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP
server for Linux, UNIX, and similar operating systems.

A flaw was discovered in the way vsftpd processed file name patterns. An
FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially-crafted file name pattern. (CVE-2011-0762)

All vsftpd users should upgrade to this updated package, which contains a
backported patch to correct this issue. The vsftpd daemon must be restarted
for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.6 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 4.8 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.8 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.8 i386
  • Red Hat Enterprise Linux Server - AUS 5.6 ia64
  • Red Hat Enterprise Linux Server - AUS 5.6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 i386
  • Red Hat Enterprise Linux Server - AUS 5.6 x86_64

Fixes

  • BZ - 681667 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
vsftpd-2.2.2-6.el6_0.1.src.rpm SHA-256: 8791fcd12a8be3e3519b4ffaeee9dc7b9f6f51109f19b0776f2b08e0e81e69ef
x86_64
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm SHA-256: 488ccbe36eb438181ed4717ba6bb10834c7a39531c9c1bf217f2647169bb34cb
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm SHA-256: c82c7680a0f33e450f724f99908386b73454a48a419246103bbcc1b07983f652
i386
vsftpd-2.2.2-6.el6_0.1.i686.rpm SHA-256: abe3a52b5519005f7d66314c4423093bbe6baf5ae4e2b3c52e4f6adec9eda668
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm SHA-256: b15deb3a8a48844ae8c0041f8a701d8d656ca47a69810b7af23add14e43aa83f

Red Hat Enterprise Linux Server 5

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm SHA-256: f6c48bc9f72a791559867173f0c363a113da573d3469ad9f54a485b4f1a2e8f2
ia64
vsftpd-2.0.5-16.el5_6.1.ia64.rpm SHA-256: 078abfeb3de1451c77287c2542648d846f462ca2867a1ac686d873f2909750bb
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm SHA-256: aa04f66133753a1c5d99ebbf682bf7d4f4b424c0c6fee74007e434f15de4a313

Red Hat Enterprise Linux Server 4

SRPM
vsftpd-2.0.1-9.el4.src.rpm SHA-256: b87a80c3ecb0a6d04c32ee7cef2dc098a69e592e957dc6641881f5fe7e077934
x86_64
vsftpd-2.0.1-9.el4.x86_64.rpm SHA-256: 440ef5d57806b76d1be02aab5109857969e9534ad7fc4d7b05269e318c6dd5c8
vsftpd-2.0.1-9.el4.x86_64.rpm SHA-256: 440ef5d57806b76d1be02aab5109857969e9534ad7fc4d7b05269e318c6dd5c8
ia64
vsftpd-2.0.1-9.el4.ia64.rpm SHA-256: 0e919bcda474d833b26e82feeb3f3dc3e9eb64bbf18d2f03fecd513e75220bea
vsftpd-2.0.1-9.el4.ia64.rpm SHA-256: 0e919bcda474d833b26e82feeb3f3dc3e9eb64bbf18d2f03fecd513e75220bea
i386
vsftpd-2.0.1-9.el4.i386.rpm SHA-256: 1ba3df8fd3c978d45e7ef83cf16e788130938b4f911f1cb26ffd23fb08fa7df0
vsftpd-2.0.1-9.el4.i386.rpm SHA-256: 1ba3df8fd3c978d45e7ef83cf16e788130938b4f911f1cb26ffd23fb08fa7df0

Red Hat Enterprise Linux Server - Extended Update Support 5.6

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm SHA-256: f6c48bc9f72a791559867173f0c363a113da573d3469ad9f54a485b4f1a2e8f2
ia64
vsftpd-2.0.5-16.el5_6.1.ia64.rpm SHA-256: 078abfeb3de1451c77287c2542648d846f462ca2867a1ac686d873f2909750bb
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm SHA-256: aa04f66133753a1c5d99ebbf682bf7d4f4b424c0c6fee74007e434f15de4a313

Red Hat Enterprise Linux Server - Extended Update Support 4.8

SRPM
vsftpd-2.0.1-9.el4.src.rpm SHA-256: b87a80c3ecb0a6d04c32ee7cef2dc098a69e592e957dc6641881f5fe7e077934
x86_64
vsftpd-2.0.1-9.el4.x86_64.rpm SHA-256: 440ef5d57806b76d1be02aab5109857969e9534ad7fc4d7b05269e318c6dd5c8
vsftpd-2.0.1-9.el4.x86_64.rpm SHA-256: 440ef5d57806b76d1be02aab5109857969e9534ad7fc4d7b05269e318c6dd5c8
ia64
vsftpd-2.0.1-9.el4.ia64.rpm SHA-256: 0e919bcda474d833b26e82feeb3f3dc3e9eb64bbf18d2f03fecd513e75220bea
vsftpd-2.0.1-9.el4.ia64.rpm SHA-256: 0e919bcda474d833b26e82feeb3f3dc3e9eb64bbf18d2f03fecd513e75220bea
i386
vsftpd-2.0.1-9.el4.i386.rpm SHA-256: 1ba3df8fd3c978d45e7ef83cf16e788130938b4f911f1cb26ffd23fb08fa7df0
vsftpd-2.0.1-9.el4.i386.rpm SHA-256: 1ba3df8fd3c978d45e7ef83cf16e788130938b4f911f1cb26ffd23fb08fa7df0

Red Hat Enterprise Linux Server - AUS 5.6

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm SHA-256: f6c48bc9f72a791559867173f0c363a113da573d3469ad9f54a485b4f1a2e8f2
ia64
vsftpd-2.0.5-16.el5_6.1.ia64.rpm SHA-256: 078abfeb3de1451c77287c2542648d846f462ca2867a1ac686d873f2909750bb
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm SHA-256: aa04f66133753a1c5d99ebbf682bf7d4f4b424c0c6fee74007e434f15de4a313

Red Hat Enterprise Linux Workstation 6

SRPM
vsftpd-2.2.2-6.el6_0.1.src.rpm SHA-256: 8791fcd12a8be3e3519b4ffaeee9dc7b9f6f51109f19b0776f2b08e0e81e69ef
x86_64
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm SHA-256: 488ccbe36eb438181ed4717ba6bb10834c7a39531c9c1bf217f2647169bb34cb
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm SHA-256: c82c7680a0f33e450f724f99908386b73454a48a419246103bbcc1b07983f652
i386
vsftpd-2.2.2-6.el6_0.1.i686.rpm SHA-256: abe3a52b5519005f7d66314c4423093bbe6baf5ae4e2b3c52e4f6adec9eda668
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm SHA-256: b15deb3a8a48844ae8c0041f8a701d8d656ca47a69810b7af23add14e43aa83f

Red Hat Enterprise Linux Workstation 5

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm SHA-256: f6c48bc9f72a791559867173f0c363a113da573d3469ad9f54a485b4f1a2e8f2
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm SHA-256: aa04f66133753a1c5d99ebbf682bf7d4f4b424c0c6fee74007e434f15de4a313

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
vsftpd-2.2.2-6.el6_0.1.src.rpm SHA-256: 8791fcd12a8be3e3519b4ffaeee9dc7b9f6f51109f19b0776f2b08e0e81e69ef
s390x
vsftpd-2.2.2-6.el6_0.1.s390x.rpm SHA-256: 08686a6997f891b480075480a550bc9b1bdfe9ec4613fbd35a42fd4c0d61f772
vsftpd-debuginfo-2.2.2-6.el6_0.1.s390x.rpm SHA-256: 1dd991de2922536189315a0f82d92e0d7383304968578a112a9de79bb16aaf7f

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
s390x
vsftpd-2.0.5-16.el5_6.1.s390x.rpm SHA-256: f2ffe00edf0a02d87b00b65cce8a408e1a331160406ae4d41ef6bafbe2112601

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
vsftpd-2.0.1-9.el4.src.rpm SHA-256: b87a80c3ecb0a6d04c32ee7cef2dc098a69e592e957dc6641881f5fe7e077934
s390x
vsftpd-2.0.1-9.el4.s390x.rpm SHA-256: 1acff350ae0372093301695e5ec7cd7ae0d0e9bc60d14c613fe0624f464d09f5
s390
vsftpd-2.0.1-9.el4.s390.rpm SHA-256: 16bfc7436099bc70623d134009fa029ce399c5a55c0398e7a9c9785712aa286d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
s390x
vsftpd-2.0.5-16.el5_6.1.s390x.rpm SHA-256: f2ffe00edf0a02d87b00b65cce8a408e1a331160406ae4d41ef6bafbe2112601

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
vsftpd-2.0.1-9.el4.src.rpm SHA-256: b87a80c3ecb0a6d04c32ee7cef2dc098a69e592e957dc6641881f5fe7e077934
s390x
vsftpd-2.0.1-9.el4.s390x.rpm SHA-256: 1acff350ae0372093301695e5ec7cd7ae0d0e9bc60d14c613fe0624f464d09f5
s390
vsftpd-2.0.1-9.el4.s390.rpm SHA-256: 16bfc7436099bc70623d134009fa029ce399c5a55c0398e7a9c9785712aa286d

Red Hat Enterprise Linux for Power, big endian 6

SRPM
vsftpd-2.2.2-6.el6_0.1.src.rpm SHA-256: 8791fcd12a8be3e3519b4ffaeee9dc7b9f6f51109f19b0776f2b08e0e81e69ef
ppc64
vsftpd-2.2.2-6.el6_0.1.ppc64.rpm SHA-256: a5563aea462b890db9d3330394f92685c6d09d64143ece9df120a099c8266895
vsftpd-debuginfo-2.2.2-6.el6_0.1.ppc64.rpm SHA-256: 1562545c7455b17a2d50676c6bd6ecbb737daf28e649a2bb51fc27f93d9bd2d8

Red Hat Enterprise Linux for Power, big endian 5

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
ppc
vsftpd-2.0.5-16.el5_6.1.ppc.rpm SHA-256: 6eb55810ec0daa8345d22419b61815a252e0fbaa7ac102a1c6076ed392cc1d5d

Red Hat Enterprise Linux for Power, big endian 4

SRPM
vsftpd-2.0.1-9.el4.src.rpm SHA-256: b87a80c3ecb0a6d04c32ee7cef2dc098a69e592e957dc6641881f5fe7e077934
ppc
vsftpd-2.0.1-9.el4.ppc.rpm SHA-256: 5468a07d4ffabea08e28790728cb6d78cfdc48e8398edc2d487ee17ff8dcf2c0

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
ppc
vsftpd-2.0.5-16.el5_6.1.ppc.rpm SHA-256: 6eb55810ec0daa8345d22419b61815a252e0fbaa7ac102a1c6076ed392cc1d5d

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
vsftpd-2.0.1-9.el4.src.rpm SHA-256: b87a80c3ecb0a6d04c32ee7cef2dc098a69e592e957dc6641881f5fe7e077934
ppc
vsftpd-2.0.1-9.el4.ppc.rpm SHA-256: 5468a07d4ffabea08e28790728cb6d78cfdc48e8398edc2d487ee17ff8dcf2c0

Red Hat Enterprise Linux Server from RHUI 6

SRPM
vsftpd-2.2.2-6.el6_0.1.src.rpm SHA-256: 8791fcd12a8be3e3519b4ffaeee9dc7b9f6f51109f19b0776f2b08e0e81e69ef
x86_64
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm SHA-256: 488ccbe36eb438181ed4717ba6bb10834c7a39531c9c1bf217f2647169bb34cb
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm SHA-256: c82c7680a0f33e450f724f99908386b73454a48a419246103bbcc1b07983f652
i386
vsftpd-2.2.2-6.el6_0.1.i686.rpm SHA-256: abe3a52b5519005f7d66314c4423093bbe6baf5ae4e2b3c52e4f6adec9eda668
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm SHA-256: b15deb3a8a48844ae8c0041f8a701d8d656ca47a69810b7af23add14e43aa83f

Red Hat Enterprise Linux Server from RHUI 5

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm SHA-256: f6c48bc9f72a791559867173f0c363a113da573d3469ad9f54a485b4f1a2e8f2
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm SHA-256: aa04f66133753a1c5d99ebbf682bf7d4f4b424c0c6fee74007e434f15de4a313

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6

SRPM
vsftpd-2.0.5-16.el5_6.1.src.rpm SHA-256: ce197444631c74d8fd879ad0bcf2e46cd0c16f8d13c7d3b3aa6eac8075413ff0
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm SHA-256: f6c48bc9f72a791559867173f0c363a113da573d3469ad9f54a485b4f1a2e8f2
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm SHA-256: aa04f66133753a1c5d99ebbf682bf7d4f4b424c0c6fee74007e434f15de4a313

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.