oss-sec mailing list archives
Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)
From: Jonathan Smith <smithj () freethemallocs com>
Date: Wed, 21 May 2008 22:23:24 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steven M. Christey wrote: | On Wed, 21 May 2008, Josh Bressers wrote: | |> The leak is CVE-2007-5962. deny_hosts not working did not get a CVE id. | | Should it? If an admin configures deny_hosts in some fashion that vsftpd | doesn't implement correctly, that might be worthy of a CVE. I don't think rPath treated it as such when we originally added the patch, though. It would probably be worth adding it to our other branch and pushing it upstream as a security issue. So, yeah, I'd say it needs a CVE. Thanks. smithj -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkg1EVwACgkQCG91qXPaRel/yQCgrCYbog7T8HMCP0AmpY/oMGWg kGwAnAlkIiFG7LkTuE4TxKaN+8rBv72p =vEXX -----END PGP SIGNATURE-----
Current thread:
- vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Tomas Hoger (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Josh Bressers (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Steven M. Christey (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Josh Bressers (May 21)
- Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific) Jonathan Smith (May 21)