CVE-2010-4755
Published 2011-03-02
Priority: P4 · 19 · medium · 4 · CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS: 7.79% (93.9th percentile)
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
Affected
84 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| netbsd | netbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openssh | <= 5.8 | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
CVSS provenance
nvd · v2.0 · 4.0 MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
vendor_redhat · 7.8 HIGH
Red Hat
openssh: remote DoS in sftp via crafted glob expressions
vendor_redhat·2011-01-03·CVSS 7.8
CVE-2010-4755 [HIGH] openssh: remote DoS in sftp via crafted glob expressions
Statement: We do not consider a denial of service flaw in a client application such as sftp to be a security issue.
Package: openssh (Red Hat Enterprise Linux 4) - Not affected
Package: openssh (Red Hat Enterprise Linux 5) - Not affected
Package: openssh (Red Hat E
GHSA
GHSA-r3f6-ghj9-9mqf: The (1) remote_glob function in sftp-glob
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2010-4755 [HIGH] GHSA-r3f6-ghj9-9mqf: The (1) remote_glob function in sftp-glob
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
bugzilla·2011-03-02·CVSS 7.8
CVE-2010-4756 [HIGH] CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4756 to
the following vulnerability:
Name: CVE-2010-4756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756
Assigned: 20110302
Reference: http://securityreason.com/achievement_securityalert/89
Reference: http://cxib.net/stuff/glob-0day.c
Reference: http://securityreason.com/exploitalert/9223
The glob implementation in the GNU C Library (aka glibc or libc6)
allows remote authenticated users to cause a denial of service (CPU
and memory consumption) via crafted glob expressions that do not match
any pathnames, as demonstrated by glob expressions in STAT commands to
an FTP daemon, a differen
Bugzilla
CVE-2010-4755 openssh: remote DoS in sftp via crafted glob expressions
bugzilla·2011-03-02·CVSS 7.8
CVE-2010-4755 [HIGH] CVE-2010-4755 openssh: remote DoS in sftp via crafted glob expressions
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4755 to
the following vulnerability:
Name: CVE-2010-4755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755
Assigned: 20110302
Reference: http://securityreason.com/achievement_securityalert/89
Reference: http://cxib.net/stuff/glob-0day.c
Reference: http://securityreason.com/exploitalert/9223
Reference: http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
Reference: http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1
Reference: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
The (1) remote_glob function in sftp-glob.c and the (2
References
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1
http://cxib.net/stuff/glob-0day.c
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
http://securityreason.com/securityalert/8116
Published: 2011-03-02