Ubuntu Update For Vsftpd USN-1288-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1288-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that the 2.6.35 and earlier Linux kernel does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) in applications that require a separate namespace per connection, like vsftpd. This update adjusts vsftpd to only use network namespaces on kernels that are known to be not affected.

Affected

vsftpd on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2011-2189

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Ubuntu Update for bash USN-2380-1
Ubuntu Update for bind9 vulnerabilities USN-418-1
Ubuntu Update for cupsys vulnerabilities USN-563-1
Ubuntu Update for apt USN-1215-1
Ubuntu Update for bind9 USN-1657-1

Ubuntu Update for vsftpd USN-1288-1

Take action and discover your vulnerabilities