PublicDateAtUSN: 2011-10-10
Candidate: CVE-2011-2189
PublicDate: 2011-10-10 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2189
 https://ubuntu.com/security/notices/USN-1288-1
Description:
 net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not
 properly handle a high rate of creation and cleanup of network namespaces,
 which makes it easier for remote attackers to cause a denial of service
 (memory consumption) via requests to a daemon that requires a separate
 namespace per connection, as demonstrated by vsftpd.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373
 https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/790863
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_vsftpd:
 vendor: http://www.debian.org/security/2011/dsa-2305
upstream_vsftpd: released (2.3.4-1)
hardy_vsftpd: ignored (code-not-present)
lucid_vsftpd: released (2.2.2-3ubuntu6.3)
maverick_vsftpd: released (2.3.0~pre2-4ubuntu2.3)
natty_vsftpd: released (2.3.2-3ubuntu4.1)
oneiric_vsftpd: released (2.3.2-3ubuntu5.1)
devel_vsftpd: not-affected (2.3.4-1ubuntu1)