CVE-2011-0762 PoC — Beasts vsftpd 资源管理错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2011/CVE-2011-0762.yaml

Associated Vulnerability

Title:Beasts vsftpd 资源管理错误漏洞 (CVE-2011-0762)
Description:vsftpd是一款用于类Unix系统的FTP（文件传输协议）服务器。 vsftpd 2.3.3之前版本中的ls.c中的vsf_filename_passes_filter函数中存在资源管理错误漏洞。远程认证用户可以借助多个FTP会话的STAT命令中的特制glob表达式导致拒绝服务（CPU消耗和进程槽耗尽）。

Description

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

File Snapshot


 id: CVE-2011-0762

info:
  name: vsftpd < 2.3.3 - DoS
  author: pussycat0x
  severity: medium
  desc

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!