Security Advisory Important: vsftpd security update

Advisory: RHSA-2011:0337-1
Type: Security Advisory
Severity: Important
Issued on: 2011-03-09
Last updated on: 2011-03-09
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.6.z server)
Red Hat Enterprise Linux Long Life (v. 5.6 server)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-0762

Details

An updated vsftpd package that fixes one security issue is now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP
server for Linux, UNIX, and similar operating systems.

A flaw was discovered in the way vsftpd processed file name patterns. An
FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially-crafted file name pattern. (CVE-2011-0762)

All vsftpd users should upgrade to this updated package, which contains a
backported patch to correct this issue. The vsftpd daemon must be restarted
for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
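
To confirm which hosts are at or above the fixed build for their release, the following added example (not part of the original advisory, and not Red Hat tooling) compares reported vsftpd builds against the package versions listed under "Updated packages". The host names and inventory are constructed, the function names are hypothetical, and the comparison is a simplified form of rpm's version ordering that assumes no epoch.

```python
import re

# Fixed builds named in this advisory, keyed by RHEL major release.
FIXED = {
    "4": ("2.0.1", "9.el4"),
    "5": ("2.0.5", "16.el5_6.1"),
    "6": ("2.2.2", "6.el6_0.1"),
}

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, tilde or caret handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version_release):
    """True if VERSION-RELEASE is at or above the fixed build for its release."""
    version, release = version_release.strip().rsplit("-", 1)
    dist = re.search(r"\.el(\d+)", release)
    if not dist or dist.group(1) not in FIXED:
        raise ValueError("not a RHEL 4/5/6 build: %r" % version_release)
    fixed_version, fixed_release = FIXED[dist.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

def unpatched_hosts(inventory):
    """Hosts whose reported vsftpd build predates the advisory's fixed build."""
    return sorted(h for h, vr in inventory.items() if not is_patched(vr))

# Constructed inventory: host name -> output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' vsftpd
SAMPLE = {
    "ftp-a": "2.0.5-16.el5",       # constructed: RHEL 5 build without the _6.1 update
    "ftp-b": "2.0.5-16.el5_6.1",   # build from this advisory
    "ftp-c": "2.2.2-6.el6",        # constructed: RHEL 6 build without the _0.1 update
    "ftp-d": "2.0.1-9.el4",        # build from this advisory
    "ftp-e": "2.2.2-11.el6",       # constructed: a later release number
}

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

A host that reports a fixed build still runs the old code until the vsftpd daemon has been restarted, so check the restart separately.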

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
vsftpd-2.0.5-16.el5_6.1.src.rpm
File outdated by:  RHBA-2013:0025

IA-32:
vsftpd-2.0.5-16.el5_6.1.i386.rpm
File outdated by:  RHBA-2013:0025

x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2013:0025
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
vsftpd-2.0.5-16.el5_6.1.src.rpm
File outdated by:  RHBA-2013:0025

IA-32:
vsftpd-2.0.5-16.el5_6.1.i386.rpm
File outdated by:  RHBA-2013:0025

IA-64:
vsftpd-2.0.5-16.el5_6.1.ia64.rpm
File outdated by:  RHBA-2013:0025

PPC:
vsftpd-2.0.5-16.el5_6.1.ppc.rpm
File outdated by:  RHBA-2013:0025

s390x:
vsftpd-2.0.5-16.el5_6.1.s390x.rpm
File outdated by:  RHBA-2013:0025

x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
File outdated by:  RHBA-2013:0025
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
vsftpd-2.0.1-9.el4.src.rpm

IA-32:
vsftpd-2.0.1-9.el4.i386.rpm

IA-64:
vsftpd-2.0.1-9.el4.ia64.rpm

PPC:
vsftpd-2.0.1-9.el4.ppc.rpm

s390:
vsftpd-2.0.1-9.el4.s390.rpm

s390x:
vsftpd-2.0.1-9.el4.s390x.rpm

x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
vsftpd-2.0.1-9.el4.src.rpm

IA-32:
vsftpd-2.0.1-9.el4.i386.rpm

IA-64:
vsftpd-2.0.1-9.el4.ia64.rpm

PPC:
vsftpd-2.0.1-9.el4.ppc.rpm

s390:
vsftpd-2.0.1-9.el4.s390.rpm

s390x:
vsftpd-2.0.1-9.el4.s390x.rpm

x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
vsftpd-2.0.1-9.el4.src.rpm

IA-32:
vsftpd-2.0.1-9.el4.i386.rpm

IA-64:
vsftpd-2.0.1-9.el4.ia64.rpm

x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
vsftpd-2.0.1-9.el4.src.rpm

IA-32:
vsftpd-2.0.1-9.el4.i386.rpm

IA-64:
vsftpd-2.0.1-9.el4.ia64.rpm

x86_64:
vsftpd-2.0.1-9.el4.x86_64.rpm
 
Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
vsftpd-2.0.5-16.el5_6.1.src.rpm
File outdated by:  RHBA-2013:0025

IA-32:
vsftpd-2.0.5-16.el5_6.1.i386.rpm

IA-64:
vsftpd-2.0.5-16.el5_6.1.ia64.rpm

PPC:
vsftpd-2.0.5-16.el5_6.1.ppc.rpm

s390x:
vsftpd-2.0.5-16.el5_6.1.s390x.rpm

x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
vsftpd-2.0.5-16.el5_6.1.src.rpm
File outdated by:  RHBA-2013:0025

IA-32:
vsftpd-2.0.5-16.el5_6.1.i386.rpm

IA-64:
vsftpd-2.0.5-16.el5_6.1.ia64.rpm

x86_64:
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
vsftpd-2.2.2-6.el6_0.1.src.rpm
File outdated by:  RHBA-2013:0573

IA-32:
vsftpd-2.2.2-6.el6_0.1.i686.rpm
File outdated by:  RHBA-2013:0573
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm
File outdated by:  RHBA-2013:0573

PPC:
vsftpd-2.2.2-6.el6_0.1.ppc64.rpm
File outdated by:  RHBA-2013:0573
vsftpd-debuginfo-2.2.2-6.el6_0.1.ppc64.rpm
File outdated by:  RHBA-2013:0573

s390x:
vsftpd-2.2.2-6.el6_0.1.s390x.rpm
File outdated by:  RHBA-2013:0573
vsftpd-debuginfo-2.2.2-6.el6_0.1.s390x.rpm
File outdated by:  RHBA-2013:0573

x86_64:
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm
File outdated by:  RHBA-2013:0573
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm
File outdated by:  RHBA-2013:0573
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
vsftpd-2.2.2-6.el6_0.1.src.rpm
File outdated by:  RHBA-2013:0573

IA-32:
vsftpd-2.2.2-6.el6_0.1.i686.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm

PPC:
vsftpd-2.2.2-6.el6_0.1.ppc64.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.ppc64.rpm

s390x:
vsftpd-2.2.2-6.el6_0.1.s390x.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.s390x.rpm

x86_64:
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
vsftpd-2.2.2-6.el6_0.1.src.rpm
File outdated by:  RHBA-2013:0573

IA-32:
vsftpd-2.2.2-6.el6_0.1.i686.rpm
File outdated by:  RHBA-2013:0573
vsftpd-debuginfo-2.2.2-6.el6_0.1.i686.rpm
File outdated by:  RHBA-2013:0573

x86_64:
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm
File outdated by:  RHBA-2013:0573
vsftpd-debuginfo-2.2.2-6.el6_0.1.x86_64.rpm
File outdated by:  RHBA-2013:0573
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

681667 - CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/