oss-sec mailing list archives

Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

From: Michail Litvak <mci () owl openwall com>
Date: Fri, 18 Jul 2008 00:10:52 +0300

Hello Jonathan Smith! 

 Wed, May 21, 2008 at 11:34:42AM -0800, smithj wrote about "Re: [oss-security] vsftpd CVE-2007-5962 (Red Hat / Fedora 
specific)":

Tomas Hoger wrote:
| This is just a heads-up.  We are releasing updated vsftpd packages
| containing a fix for a minor memory leak identified by CVE-2007-5962.

The memory leak itself is CVE-2007-5962? Or is the CVE for the original
issue where deny_hosts didn't work as expected? It doesn't seem to be
public.


As I understand RH released patch to fix problem with deny_file
statement (not hosts) -- https://bugzilla.redhat.com/show_bug.cgi?id=174764

But introduce memory leak (CVE-2007-5962) and release package with
fixed version of their patch.

Please correct me if I make mistake, but seems this is a typo and
You mean deny_file, not deny_hosts.

-- 
//ShaD0w

Current thread:

Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Michail Litvak (Jul 17)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (Jul 20)