CVE-2010-2632
published 2011-01-19CVE-2010-2632: Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous…
PriorityP354high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
32.36%
98.1th percentile
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
Affected
113 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.6.7 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | glibc | — | — |
| debian | vsftpd | < vsftpd 2.3.4-1 (bookworm) | vsftpd 2.3.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| netbsd | netbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openssh | <= 5.8 | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_debian7.8LOW
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r3f6-ghj9-9mqf: The (1) remote_glob function in sftp-glob
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2010-4755 [HIGH] GHSA-r3f6-ghj9-9mqf: The (1) remote_glob function in sftp-glob
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
GHSA
GHSA-jh3r-4mfv-pjv8: The vsf_filename_passes_filter function in ls
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2011-0762 [HIGH] CWE-400 GHSA-jh3r-4mfv-pjv8: The vsf_filename_passes_filter function in ls
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
GHSA
GHSA-3h26-w882-gmrp: Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability
ghsa_unreviewed·2022-05-17
CVE-2010-2632 [HIGH] GHSA-3h26-w882-gmrp: Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
GHSA
GHSA-4f9r-wjj2-h7rm: The glob implementation in libc in FreeBSD 7
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2010-4754 [HIGH] GHSA-4f9r-wjj2-h7rm: The glob implementation in libc in FreeBSD 7
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
GHSA
GHSA-x2r9-jfjp-jvp9: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consu
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2010-4756 [HIGH] GHSA-x2r9-jfjp-jvp9: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consu
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
OSV
CVE-2010-4756: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consu
osv·2011-03-02·CVSS 7.8
CVE-2010-4756 [HIGH] CVE-2010-4756: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consu
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
OSV
CVE-2011-0762: The vsf_filename_passes_filter function in ls
osv·2011-03-02·CVSS 7.8
CVE-2011-0762 [HIGH] CVE-2011-0762: The vsf_filename_passes_filter function in ls
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
BSD
FreeBSD-SA-13:02.libc: glob(3) related resource exhaustion
bsd_advisories·2013-02-19·CVSS 7.8
CVE-2010-2632 [HIGH] FreeBSD-SA-13:02.libc: glob(3) related resource exhaustion
FreeBSD-SA-13:02.libc Security Advisory
The FreeBSD Project
Topic: glob(3) related resource exhaustion
Category: core
Module: libc
Announced: 2013-02-19
Affects: All supported versions of FreeBSD.
Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE)
2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12)
2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE)
2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6)
2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE)
2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6)
2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1)
CVE Name: CVE-2010-2632
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The glob(3) function is a
Red Hat
vsftpd: remote DoS via crafted glob pattern
vendor_redhat·2011-03-01·CVSS 7.8
CVE-2011-0762 [HIGH] vsftpd: remote DoS via crafted glob pattern
vsftpd: remote DoS via crafted glob pattern
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Red Hat
openssh: remote DoS in sftp via crafted glob expressions
vendor_redhat·2011-01-03·CVSS 7.8
CVE-2010-4755 [HIGH] openssh: remote DoS in sftp via crafted glob expressions
openssh: remote DoS in sftp via crafted glob expressions
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
Statement: We do not consider a denial of service flaw in a client application such as sftp to be a security issue.
Package: openssh (Red Hat Enterprise Linux 4) - Not affected
Package: openssh (Red Hat Enterprise Linux 5) - Not affected
Package: openssh (Red Hat E
Debian
CVE-2011-0762: vsftpd - The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows re...
vendor_debian·2011·CVSS 7.8
CVE-2011-0762 [HIGH] CVE-2011-0762: vsftpd - The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows re...
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Scope: local
bookworm: resolved (fixed in 2.3.4-1)
bullseye: resolved (fixed in 2.3.4-1)
forky: resolved (fixed in 2.3.4-1)
sid: resolved (fixed in 2.3.4-1)
trixie: resolved (fixed in 2.3.4-1)
Red Hat
glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
vendor_redhat·2010-10-07·CVSS 7.8
CVE-2010-4756 [HIGH] glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package: glibc (Red Hat Enterprise Linux 4) - Under investigation
Package: glibc (Red Hat Enterprise Linux 5) - Under investigation
Package: glibc (Red Hat Enterprise Linux 6) - Under investigation
Debian
CVE-2010-4756: glibc - The glob implementation in the GNU C Library (aka glibc or libc6) allows remote ...
vendor_debian·2010·CVSS 7.8
CVE-2010-4756 [HIGH] CVE-2010-4756: glibc - The glob implementation in the GNU C Library (aka glibc or libc6) allows remote ...
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
Exploit-DB
FreeBSD 9.1 - 'ftpd' Remote Denial of Service
exploitdb·2013-02-05·CVSS 4.0
CVE-2011-0418 [MEDIUM] FreeBSD 9.1 - 'ftpd' Remote Denial of Service
FreeBSD 9.1 - 'ftpd' Remote Denial of Service
---
FreeBSD 9.1 ftpd Remote Denial of Service
Maksymilian Arciemowicz
http://cxsecurity.org/
http://cxsec.org/
Public Date: 01.02.2013
URL: http://cxsecurity.com/issue/WLB-2013020003
--- 1. Description ---
I have decided check BSD ftpd servers once again for wildcards. Old
bug in libc (CVE-2011-0418) allow to Denial of Service ftpd in last
FreeBSD version.
Attacker, what may connect anonymously to FTP server, may cause CPU
resource exhaustion. Login as a 'USER anonymous' 'PASS anonymous',
sending 'STAT' command with special wildchar, enought to create ftpd
process with 100% CPU usage.
Proof of Concept (POC):
See the difference between NetBSD/libc and FreeBSD/libc.
--- PoC ---
#include
#include
int main(){
glob_t globbuf;
char stringa[]="{
Exploit-DB
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)
exploitdb·2010-10-07·CVSS 7.8
CVE-2010-2632 [HIGH] libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)
libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)
---
Source: http://securityreason.com/securityalert/7822
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Multiple Vendors libc/glob(3) resource exhaustion (+0day remote
ftpd-anon) ]
Author: Maksymilian Arciemowicz
http://netbsd.org/donations/
http://securityreason.com/
http://cxib.net/
Date:
- - Dis.: 06.11.2009
- - Pub.: 07.10.2010
CVE: CVE-2010-2632
Affected Software (verified):
- - OpenBSD 4.7
- - NetBSD 5.0.2
- - FreeBSD 7.3/8.1
- - Oracle Sun Solaris 10
- - GNU Libc (glibc)
Affected Ftp Servers:
- - ftp.openbsd.org (verified 02.07.2010: "connection refused" and ban)
- - ftp.netbsd.org (verified 02.07.2010: "connection limit of 160 reached"
and ban)
- - ftp.freebsd.org
- - ftp.adobe.com
- - ftp.hp.co
Nuclei
vsftpd < 2.3.3 - DoS
nuclei·CVSS 7.8
CVE-2011-0762 [HIGH] vsftpd < 2.3.3 - DoS
vsftpd < 2.3.3 - DoS
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Template:
id: CVE-2011-0762
info:
name: vsftpd < 2.3.3 - DoS
author: pussycat0x
severity: medium
description: |
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
impact: |
Authenticated attackers can send crafted glob expressions
Bugzilla
CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
bugzilla·2011-03-02·CVSS 7.8
CVE-2010-4756 [HIGH] CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4756 to
the following vulnerability:
Name: CVE-2010-4756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756
Assigned: 20110302
Reference: http://securityreason.com/achievement_securityalert/89
Reference: http://cxib.net/stuff/glob-0day.c
Reference: http://securityreason.com/exploitalert/9223
The glob implementation in the GNU C Library (aka glibc or libc6)
allows remote authenticated users to cause a denial of service (CPU
and memory consumption) via crafted glob expressions that do not match
any pathnames, as demonstrated by glob expressions in STAT commands to
an FTP daemon, a differen
Bugzilla
CVE-2010-4755 openssh: remote DoS in sftp via crafted glob expressions
bugzilla·2011-03-02·CVSS 7.8
CVE-2010-4755 [HIGH] CVE-2010-4755 openssh: remote DoS in sftp via crafted glob expressions
CVE-2010-4755 openssh: remote DoS in sftp via crafted glob expressions
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4755 to
the following vulnerability:
Name: CVE-2010-4755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755
Assigned: 20110302
Reference: http://securityreason.com/achievement_securityalert/89
Reference: http://cxib.net/stuff/glob-0day.c
Reference: http://securityreason.com/exploitalert/9223
Reference: http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
Reference: http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1
Reference: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
The (1) remote_glob function in sftp-glob.c and the (2
Bugzilla
CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern
bugzilla·2011-03-02·CVSS 7.8
CVE-2011-0762 [HIGH] CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern
CVE-2011-0762 vsftpd: remote DoS via crafted glob pattern
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0762 to
the following vulnerability:
Name: CVE-2011-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762
Assigned: 20110203
Reference: http://securityreason.com/achievement_securityalert/95
Reference: http://www.securityfocus.com/archive/1/archive/1/516748/100/0/threaded
Reference: http://cxib.net/stuff/vspoc232.c
Reference: ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog
Reference: http://www.kb.cert.org/vuls/id/590604
Reference: http://www.securityfocus.com/bid/46617
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3
allows remote authenticated users to cause a denial of service (CPU
consumption and proces
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598http://secunia.com/advisories/42984http://secunia.com/advisories/43433http://secunia.com/advisories/55212http://securityreason.com/achievement_securityalert/89http://securityreason.com/achievement_securityalert/97http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlhttp://www.securitytracker.com/id?1024975http://www.vupen.com/english/advisories/2011/0151https://exchange.xforce.ibmcloud.com/vulnerabilities/64798https://support.avaya.com/css/P8/documents/100127892http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598http://secunia.com/advisories/42984http://secunia.com/advisories/43433http://secunia.com/advisories/55212http://securityreason.com/achievement_securityalert/89http://securityreason.com/achievement_securityalert/97http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.htmlhttp://www.securitytracker.com/id?1024975http://www.vupen.com/english/advisories/2011/0151https://exchange.xforce.ibmcloud.com/vulnerabilities/64798https://support.avaya.com/css/P8/documents/100127892
2011-01-19
Published