Vulnerabilities > CVE-2010-2632 - Unspecified vulnerability in SUN Sunos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 |
Exploit-Db
| description | Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon). CVE-2010-2632. Dos exploits for multiple platform |
| id | EDB-ID:15215 |
| last seen | 2016-02-01 |
| modified | 2010-10-07 |
| published | 2010-10-07 |
| reporter | Maksymilian Arciemowicz |
| source | https://www.exploit-db.com/download/15215/ |
| title | Multiple Vendors libc/glob3 Resource Exhaustion +0day Remote ftpd-anon |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2011-004.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components : - AirPort - App Store - ColorSync - CoreGraphics - ImageIO - Libsystem - libxslt - MySQL - patch - Samba - servermgrd - subversion last seen 2020-06-01 modified 2020-06-02 plugin id 55415 published 2011-06-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55415 title Mac OS X Multiple Vulnerabilities (Security Update 2011-004) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-049.NASL description A vulnerability was discovered and corrected in vsftpd : The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632 (CVE-2011-0762). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 52747 published 2011-03-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52747 title Mandriva Linux Security Advisory : vsftpd (MDVSA-2011:049) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0146_OPENSSH-LATEST.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225) - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. (CVE-2006-4924) - Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051) - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. (CVE-2006-5794) - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. (CVE-2007-3102) - The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. (CVE-2010-4755) - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107) - It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532) - It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. (CVE-2014-2653) - It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. (CVE-2014-9278) - It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600) - It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325) - An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. (CVE-2016-0777) - An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908) - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127415 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127415 title NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0036_OPENSSH.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225) - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. (CVE-2006-4924) - Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051) - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. (CVE-2006-5794) - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. (CVE-2007-3102) - The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. (CVE-2010-4755) - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107) - It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127206 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127206 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10598.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw in the glob implementation in libc. An authenticated, remote attacker can exploit this, via a crafted glob expression that does not match any pathnames, to cause a denial of service condition through consumption of CPU and memory resources. last seen 2020-06-01 modified 2020-06-02 plugin id 70481 published 2013-10-17 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70481 title Juniper Junos GNU libc glob Remote DoS (JSA10598) NASL family Solaris Local Security Checks NASL id SOLARIS9_114564.NASL description SunOS 5.9: /usr/sbin/in.ftpd Patch. Date this patch was last updated by Sun : Dec/06/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13555 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13555 title Solaris 9 (sparc) : 114564-16 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3C90E0937C6E11E2809B6C626D99876C.NASL description Problem description : GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient. last seen 2020-06-01 modified 2020-06-02 plugin id 64791 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64791 title FreeBSD : FreeBSD -- glob(3) related resource exhaustion (3c90e093-7c6e-11e2-809b-6c626d99876c) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114565.NASL description SunOS 5.9_x86: /usr/sbin/in.ftpd Patch. Date this patch was last updated by Sun : Dec/06/10 last seen 2020-06-01 modified 2020-06-02 plugin id 13605 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13605 title Solaris 9 (x86) : 114565-16 NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_8.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion last seen 2020-06-01 modified 2020-06-02 plugin id 55416 published 2011-06-24 reporter This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55416 title Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
Packetstorm
data source https://packetstormsecurity.com/files/download/101052/libcglob3-exhaust.txt id PACKETSTORM:101052 last seen 2016-12-05 published 2011-05-03 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/101052/Multiple-Vendors-libc-glob-3-GLOB_BRACE-GLOB_LIMIT-Memory-Exhaustion.html title Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion data source https://packetstormsecurity.com/files/download/94556/libcglob-exhaust.txt id PACKETSTORM:94556 last seen 2016-12-05 published 2010-10-08 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/94556/Multiple-Vendors-libc-glob-3-Resource-Exhaustion.html title Multiple Vendors libc/glob(3) Resource Exhaustion data source https://packetstormsecurity.com/files/download/98796/vsftpd232-dos.txt id PACKETSTORM:98796 last seen 2016-12-05 published 2011-03-01 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/98796/Vsftpd-2.3.2-Denial-Of-Service.html title Vsftpd 2.3.2 Denial Of Service
Seebug
bulletinFamily exploit description No description provided by source. id SSV:78173 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-78173 title FreeBSD 9.1 ftpd Remote Denial of Service bulletinFamily exploit description No description provided by source. id SSV:69983 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-69983 title Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598
- http://secunia.com/advisories/42984
- http://secunia.com/advisories/43433
- http://secunia.com/advisories/55212
- http://securityreason.com/achievement_securityalert/89
- http://securityreason.com/achievement_securityalert/97
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.securitytracker.com/id?1024975
- http://www.vupen.com/english/advisories/2011/0151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64798
- https://support.avaya.com/css/P8/documents/100127892