Ubuntu Update For Vsftpd USN-1288-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1288-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that the 2.6.35 and earlier Linux kernel does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) in applications that require a separate namespace per connection, like vsftpd. This update adjusts vsftpd to only use network namespaces on kernels that are known to be not affected.

Affected

vsftpd on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2011-2189
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1
Ubuntu Update for devscripts USN-1366-1
Ubuntu Update for coreutils USN-2473-1
Ubuntu Update for apt USN-1215-1
Ubuntu Update for bash USN-2363-2

Ubuntu Update for vsftpd USN-1288-1

Take action and discover your vulnerabilities