CVE-2007-5962

Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak


Exploitation Summary

EIP tracks 4 public exploits for CVE-2007-5962. PoCs published by Praveen Darshanam, Martin Nagy, antogit-sys.

AI-analyzed exploit summary: This exploit targets a DoS vulnerability in vsftpd 2.0.5 by sending an infinite loop of CWD commands, causing the server to crash. It requires the 'deny_file' configuration option to be set in vsftpd.conf.

Description

Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Praveen Darshanam · perl · dos · linux
https://www.exploit-db.com/exploits/5814

This exploit targets a DoS vulnerability in vsftpd 2.0.5 by sending an infinite loop of CWD commands, causing the server to crash. It requires the 'deny_file' configuration option to be set in vsftpd.conf.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: vsftpd 2.0.5
Auth required
Prerequisites: vsftpd 2.0.5 with 'deny_file' configuration option enabled · network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Praveen Darshanam · perl · dos · windows
https://www.exploit-db.com/exploits/31819

This exploit targets a denial-of-service vulnerability in vsftpd 2.0.5 by sending an infinite loop of CWD commands, causing memory exhaustion and crashing the server. It requires the 'deny_file' configuration option to be set in vsftpd.conf.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: vsftpd 2.0.5
Auth required
Prerequisites: vsftpd with 'deny_file' configuration enabled · network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Martin Nagy · bash · dos · windows
https://www.exploit-db.com/exploits/31818

This exploit targets a denial-of-service vulnerability in vsftpd by repeatedly sending CWD commands to exhaust memory. The script automates the attack by continuously switching directories, causing the server to crash due to improper memory management.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: vsftpd (versions affected by CVE-2007-5962)
No auth needed
Prerequisites: vsftpd server with vulnerable configuration · network access to the target FTP server
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 1 star
by antogit-sys · poc
https://github.com/antogit-sys/CVE-2007-5962

This repository contains a functional Python exploit for CVE-2007-5962, a Denial-of-Service (DoS) vulnerability in vsftpd 2.0.5. The exploit repeatedly sends CWD commands to consume memory and crash the FTP daemon, requiring valid credentials for authentication.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: vsftpd 2.0.5
Auth required
Prerequisites: Firewall disabled or compromised · Valid FTP username and password · vsftpd 2.0.5 running on target
devstral-2 · analyzed Feb 18, 2026

References (18)

Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0185
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00681.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30341
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5814
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30354
Patch vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0295.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00691.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/05/21/10
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=397011
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42593
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00699.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1600
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/05/21/12
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29322
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8850
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/05/21/8
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493167/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1020079

Scores

EPSS: 0.1206
EPSS Percentile: 95.6%

Details

CWE: CWE-399
Status: published
Products (6)
foresight_linux/appliances
redhat/enterprise_linux 5.0
redhat/fedora 6
redhat/fedora 7
redhat/fedora 8
rpath/appliance_platform_agent
Published: May 22, 2008
Tracked Since: Feb 18, 2026