[QA][5.4] RHEL5 vulnerability to CVE-2009-5029
Issue
- CVE-2009-5029 was fixed on RHEL6.2.z and is not fixed yet on any other version.
- BZ: https://bugzilla.redhat.com/show_bug.cgi?id=761245
- Our partner has already confirmed this problem can be reproduced on RHEL5.4 and RHEL5.8 snapshot5.
- Please answer the following three questions about it.
(1) What is the impact of this problem, and what kinds of programs are affected by it? The customer uses vsftpd, which is known to be affected by this problem, on some of their systems. So they want to know whether this vulnerability is a serious problem for them or not, and also whether there are other programs they should care about.
(2) What is the workaround for this problem (if one exists)?
(3) Do you have a plan to fix this problem for RHEL5.x? If yes, where are you going to do so, and for which version will the async errata be provided? If no, why not?
Environment
- Red Hat Enterprise Linux 5 Update 4
- Architecture: i686
- Kernel Version: 2.6.18-164.el5PAE
