Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2632 — Sunos vulnerability

9 documents7 sources
Severity
7.8HIGHNVD
EPSS
4.2%
top 11.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Sunos
Timeline
PublishedJan 19
Latest updateMay 17

Description

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

â–¶NVDsun/sunos4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-3h26-w882-gmrp: Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability↗2022-05-17
â–¶
CVEList
CVE-2010-2632: Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability↗2011-01-19
â–¶

💥Exploits & PoCs

2
Exploit-DB
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)↗2010-10-07
â–¶
Nuclei
vsftpd < 2.3.3 - DoS
â–¶

📋Vendor Advisories

4
BSD
FreeBSD-SA-13:02.libc: glob(3) related resource exhaustion↗2013-02-19
â–¶
Red Hat
vsftpd: remote DoS via crafted glob pattern↗2011-03-01
â–¶
Red Hat
openssh: remote DoS in sftp via crafted glob expressions↗2011-01-03
â–¶
Red Hat
glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions↗2010-10-07
â–¶
CVE-2010-2632 — SUN Sunos vulnerability | cvebase