Vulnerabilities > CVE-2010-4052 - Resource Management Errors vulnerability in GNU Glibc

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnu
CWE-399
nessus
exploit available

Summary

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionGNU glibc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability. CVE-2010-4052. Dos exploit for linux platform
    idEDB-ID:35061
    last seen2016-02-04
    modified2010-12-07
    published2010-12-07
    reporterMaksymilian Arciemowicz
    sourcehttps://www.exploit-db.com/download/35061/
    titleGNU glibc 'regcomp' Stack Exhaustion Denial Of Service Vulnerability
  • descriptionGNU libc/regcomp(3) Multiple Vulnerabilities. CVE-2010-4051. Dos exploit for linux platform
    fileexploits/linux/dos/15935.c
    idEDB-ID:15935
    last seen2016-02-01
    modified2011-01-07
    platformlinux
    port
    published2011-01-07
    reporterMaksymilian Arciemowicz
    sourcehttps://www.exploit-db.com/download/15935/
    titleGNU libc/regcomp3 Multiple Vulnerabilities
    typedos

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-5098.NASL
    descriptionThe second release candidate for proftpd 1.3.4. This includes fixes for a number of security issues : - Plaintext command injection vulnerability in FTPS implementation - Badly formed SSH messages cause DoS - Limit recursion depth for untrusted regular expressions (#673040) The update also contains a large number of bug fixes over release candidate 1, plus new support for SSL session caching using memcached. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id53460
    published2011-04-18
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53460
    titleFedora 15 : proftpd-1.3.4-0.8.rc2.fc15 (2011-5098)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-5098.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53460);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:35");
    
      script_cve_id("CVE-2010-4051", "CVE-2010-4052", "CVE-2011-1137");
      script_bugtraq_id(45233);
      script_xref(name:"FEDORA", value:"2011-5098");
    
      script_name(english:"Fedora 15 : proftpd-1.3.4-0.8.rc2.fc15 (2011-5098)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The second release candidate for proftpd 1.3.4.
    
    This includes fixes for a number of security issues :
    
      - Plaintext command injection vulnerability in FTPS
        implementation
    
        - Badly formed SSH messages cause DoS
    
        - Limit recursion depth for untrusted regular
          expressions (#673040)
    
    The update also contains a large number of bug fixes over release
    candidate 1, plus new support for SSL session caching using memcached.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=645859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=681718"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058262.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c0126ca2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected proftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"proftpd-1.3.4-0.8.rc2.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
    }
    
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10612.NASL
    descriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability in the regcomp implementation of the GNU C Library used in the command-line interpreter (CLI). A attacker can exploit this vulnerability to crash the RE by using a crafted regular expression containing adjacent repetition operators or adjacent bounded repetitions.
    last seen2020-06-01
    modified2020-06-02
    plugin id72001
    published2014-01-16
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72001
    titleJuniper Junos CLI libc recomp() rpd DoS (JSA10612)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72001);
      script_version("1.4");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2010-4051", "CVE-2010-4052");
      script_bugtraq_id(45233);
      script_xref(name:"JSA", value:"JSA10612");
    
      script_name(english:"Juniper Junos CLI libc recomp() rpd DoS (JSA10612)");
      script_summary(english:"Checks the Junos version and build date.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the remote Juniper
    Junos device is affected by a denial of service vulnerability in the
    regcomp implementation of the GNU C Library used in the command-line
    interpreter (CLI). A attacker can exploit this vulnerability to crash
    the RE by using a crafted regular expression containing adjacent
    repetition operators or adjacent bounded repetitions.");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10612");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant Junos upgrade referenced in Juniper advisory
    JSA10612.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Junos Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("junos_version.nasl");
      script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/JUNOS/BuildDate");
    
      exit(0);
    }
    
    include("audit.inc");
    include("junos.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
    build_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate');
    
    if (compare_build_dates(build_date, '2013-12-12') >= 0)
      audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date ' + build_date + ')');
    if (ver == '11.4R9-S1' || ver == '13.1R3-S1')
      audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);
    
    fixes = make_array();
    fixes['10.4'] = '10.4S15';
    fixes['11.4'] = '11.4R10';
    fixes['12.1'] = '12.1R8';
    fixes['12.1X44'] = '12.1X44-D25';
    fixes['12.1X45'] = '12.1X45-D15';
    fixes['12.1X46'] = '12.1X46-D10';
    fixes['12.2'] = '12.2R6';
    fixes['12.3'] = '12.3R4';
    fixes['13.1'] = '13.1R3';
    fixes['13.2'] = '13.2R2';
    
    fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
    
    if (report_verbosity > 0)
    {
      report = get_report(ver:ver, fix:fix);
      security_note(port:0, extra:report);
    }
    else security_note(0);
    

Packetstorm

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:78173
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-78173
    titleFreeBSD 9.1 ftpd Remote Denial of Service
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:70536
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-70536
    titleGNU libc/regcomp(3) Multiple Vulnerabilities