VIR Vulnerability Intelligence Relay

CVE-2011-5033

medium
Published 2011-12-29 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.4

Description

Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-18225 dos linux
FoX HaCkEr ยท 2011-12-09

CSF Firewall - Buffer Overflow (PoC)

Source code queued for fetch โ€” refresh in a moment.

Application impact
VendorProductVersionsFixed
configserverconfigserver_security_firewall{"endIncluding":"5.42"}
configserverconfigserver_security_firewall5.00
configserverconfigserver_security_firewall5.01
configserverconfigserver_security_firewall5.02
configserverconfigserver_security_firewall5.03
configserverconfigserver_security_firewall5.04
configserverconfigserver_security_firewall5.05
configserverconfigserver_security_firewall5.06
configserverconfigserver_security_firewall5.07
configserverconfigserver_security_firewall5.08
configserverconfigserver_security_firewall5.09
configserverconfigserver_security_firewall5.10
configserverconfigserver_security_firewall5.11
configserverconfigserver_security_firewall5.12
configserverconfigserver_security_firewall5.13
configserverconfigserver_security_firewall5.14
configserverconfigserver_security_firewall5.15
configserverconfigserver_security_firewall5.16
configserverconfigserver_security_firewall5.17
configserverconfigserver_security_firewall5.18
configserverconfigserver_security_firewall5.19
configserverconfigserver_security_firewall5.20
configserverconfigserver_security_firewall5.21
configserverconfigserver_security_firewall5.22
configserverconfigserver_security_firewall5.30
configserverconfigserver_security_firewall5.31
configserverconfigserver_security_firewall5.32
configserverconfigserver_security_firewall5.33
configserverconfigserver_security_firewall5.34
configserverconfigserver_security_firewall5.35
configserverconfigserver_security_firewall5.36
configserverconfigserver_security_firewall5.37
configserverconfigserver_security_firewall5.38
configserverconfigserver_security_firewall5.39
configserverconfigserver_security_firewall5.40
configserverconfigserver_security_firewall5.41

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.