ID CVE-2010-2632
Summary Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
References
Vulnerable Configurations
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
  • Sun SunOS (Solaris 9) 5.9
    cpe:2.3:o:sun:sunos:5.9
  • Sun SunOS (Solaris 10) 5.10
    cpe:2.3:o:sun:sunos:5.10
  • Sun SunOS (formerly Solaris 11) 5.11 Express
    cpe:2.3:o:sun:sunos:5.11:-:express
CVSS
Base: 7.8 (as of 19-01-2011 - 14:31)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
exploit-db via4
description Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon). CVE-2010-2632. DoS exploits for multiple platforms
id EDB-ID:15215
last seen 2016-02-01
modified 2010-10-07
published 2010-10-07
reporter Maksymilian Arciemowicz
source https://www.exploit-db.com/download/15215/
title Multiple Vendors libc/glob3 Resource Exhaustion +0day Remote ftpd-anon
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114565.NASL
    description SunOS 5.9_x86: /usr/sbin/in.ftpd Patch. Date this patch was last updated by Sun : Dec/06/10
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13605
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13605
    title Solaris 9 (x86) : 114565-16
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_114564.NASL
    description SunOS 5.9: /usr/sbin/in.ftpd Patch. Date this patch was last updated by Sun : Dec/06/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 13555
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13555
    title Solaris 9 (sparc) : 114564-16
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_JSA10598.NASL
    description According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw in the glob implementation in libc. An authenticated, remote attacker can exploit this, via a crafted glob expression that does not match any pathnames, to cause a denial of service condition through consumption of CPU and memory resources.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70481
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70481
    title Juniper Junos GNU libc glob Remote DoS (JSA10598)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2011-004.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security-related fixes for the following components : - AirPort - App Store - ColorSync - CoreGraphics - ImageIO - Libsystem - libxslt - MySQL - patch - Samba - servermgrd - subversion
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 55415
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55415
    title Mac OS X Multiple Vulnerabilities (Security Update 2011-004)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_8.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion
    last seen 2019-02-21
    modified 2018-08-22
    plugin id 55416
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55416
    title Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3C90E0937C6E11E2809B6C626D99876C.NASL
    description Problem description : GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64791
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64791
    title FreeBSD : FreeBSD -- glob(3) related resource exhaustion (3c90e093-7c6e-11e2-809b-6c626d99876c)
packetstorm via4
refmap via4
confirm
sectrack 1024975
secunia
  • 42984
  • 43433
  • 55212
sreasonres
  • 20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)
  • 20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion
vupen ADV-2011-0151
xf solaris-ftp-dos(64798)
Last major update 10-10-2014 - 00:26
Published 19-01-2011 - 11:00
Last modified 16-08-2017 - 21:32