ID CVE-2010-4755
Summary The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
References
Vulnerable Configurations
  • OpenBSD OpenSSH 1.2
    cpe:2.3:a:openbsd:openssh:1.2
  • OpenBSD OpenSSH 1.2.1
    cpe:2.3:a:openbsd:openssh:1.2.1
  • OpenBSD OpenSSH 1.2.2
    cpe:2.3:a:openbsd:openssh:1.2.2
  • OpenBSD OpenSSH 1.2.27
    cpe:2.3:a:openbsd:openssh:1.2.27
  • OpenBSD OpenSSH 1.2.3
    cpe:2.3:a:openbsd:openssh:1.2.3
  • OpenBSD OpenSSH 1.3
    cpe:2.3:a:openbsd:openssh:1.3
  • OpenBSD OpenSSH 1.5
    cpe:2.3:a:openbsd:openssh:1.5
  • OpenBSD OpenSSH 1.5.7
    cpe:2.3:a:openbsd:openssh:1.5.7
  • OpenBSD OpenSSH 1.5.8
    cpe:2.3:a:openbsd:openssh:1.5.8
  • OpenBSD OpenSSH 2.1
    cpe:2.3:a:openbsd:openssh:2.1
  • OpenBSD OpenSSH 2.1.1
    cpe:2.3:a:openbsd:openssh:2.1.1
  • OpenBSD OpenSSH 2.2
    cpe:2.3:a:openbsd:openssh:2.2
  • OpenBSD OpenSSH 2.3
    cpe:2.3:a:openbsd:openssh:2.3
  • OpenBSD OpenSSH 2.3.1
    cpe:2.3:a:openbsd:openssh:2.3.1
  • OpenBSD OpenSSH 2.5
    cpe:2.3:a:openbsd:openssh:2.5
  • OpenBSD OpenSSH 2.5.1
    cpe:2.3:a:openbsd:openssh:2.5.1
  • OpenBSD OpenSSH 2.5.2
    cpe:2.3:a:openbsd:openssh:2.5.2
  • OpenBSD OpenSSH 2.9
    cpe:2.3:a:openbsd:openssh:2.9
  • OpenBSD OpenSSH 2.9.9
    cpe:2.3:a:openbsd:openssh:2.9.9
  • OpenBSD OpenSSH 2.9.9 p2
    cpe:2.3:a:openbsd:openssh:2.9.9p2
  • OpenBSD OpenSSH 2.9 p1
    cpe:2.3:a:openbsd:openssh:2.9p1
  • OpenBSD OpenSSH 2.9 p2
    cpe:2.3:a:openbsd:openssh:2.9p2
  • OpenBSD OpenSSH 3.0
    cpe:2.3:a:openbsd:openssh:3.0
  • OpenBSD OpenSSH 3.0.1
    cpe:2.3:a:openbsd:openssh:3.0.1
  • OpenBSD OpenSSH 3.0.1 p1
    cpe:2.3:a:openbsd:openssh:3.0.1p1
  • OpenBSD OpenSSH 3.0.2
    cpe:2.3:a:openbsd:openssh:3.0.2
  • OpenBSD OpenSSH 3.0.2p1
    cpe:2.3:a:openbsd:openssh:3.0.2p1
  • OpenBSD OpenSSH 3.0 p1
    cpe:2.3:a:openbsd:openssh:3.0p1
  • OpenBSD OpenSSH 3.1
    cpe:2.3:a:openbsd:openssh:3.1
  • OpenBSD OpenSSH 3.1 p1
    cpe:2.3:a:openbsd:openssh:3.1p1
  • OpenBSD OpenSSH 3.2
    cpe:2.3:a:openbsd:openssh:3.2
  • OpenBSD OpenSSH 3.2.2
    cpe:2.3:a:openbsd:openssh:3.2.2
  • OpenBSD OpenSSH 3.2.2 p1
    cpe:2.3:a:openbsd:openssh:3.2.2p1
  • OpenBSD OpenSSH 3.2.3 p1
    cpe:2.3:a:openbsd:openssh:3.2.3p1
  • OpenBSD OpenSSH 3.3
    cpe:2.3:a:openbsd:openssh:3.3
  • OpenBSD OpenSSH 3.3 p1
    cpe:2.3:a:openbsd:openssh:3.3p1
  • OpenBSD OpenSSH 3.4
    cpe:2.3:a:openbsd:openssh:3.4
  • OpenBSD OpenSSH 3.4 p1
    cpe:2.3:a:openbsd:openssh:3.4p1
  • OpenBSD OpenSSH 3.5
    cpe:2.3:a:openbsd:openssh:3.5
  • OpenBSD OpenSSH 3.5 p1
    cpe:2.3:a:openbsd:openssh:3.5p1
  • OpenBSD OpenSSH 3.6
    cpe:2.3:a:openbsd:openssh:3.6
  • OpenBSD OpenSSH 3.6.1
    cpe:2.3:a:openbsd:openssh:3.6.1
  • OpenBSD OpenSSH 3.6.1 p1
    cpe:2.3:a:openbsd:openssh:3.6.1p1
  • OpenBSD OpenSSH 3.6.1 p2
    cpe:2.3:a:openbsd:openssh:3.6.1p2
  • OpenBSD OpenSSH 3.7
    cpe:2.3:a:openbsd:openssh:3.7
  • OpenBSD OpenSSH 3.7.1
    cpe:2.3:a:openbsd:openssh:3.7.1
  • OpenBSD OpenSSH 3.7.1 p1
    cpe:2.3:a:openbsd:openssh:3.7.1p1
  • OpenBSD OpenSSH 3.7.1 p2
    cpe:2.3:a:openbsd:openssh:3.7.1p2
  • OpenBSD OpenSSH 3.8
    cpe:2.3:a:openbsd:openssh:3.8
  • OpenBSD OpenSSH 3.8.1
    cpe:2.3:a:openbsd:openssh:3.8.1
  • OpenBSD OpenSSH 3.8.1 p1
    cpe:2.3:a:openbsd:openssh:3.8.1p1
  • OpenBSD OpenSSH 3.9
    cpe:2.3:a:openbsd:openssh:3.9
  • OpenBSD OpenSSH 3.9.1
    cpe:2.3:a:openbsd:openssh:3.9.1
  • OpenBSD OpenSSH 3.9.1 p1
    cpe:2.3:a:openbsd:openssh:3.9.1p1
  • OpenBSD OpenSSH 4.0
    cpe:2.3:a:openbsd:openssh:4.0
  • OpenBSD OpenSSH Portable 4.0.p1
    cpe:2.3:a:openbsd:openssh:4.0p1
  • OpenBSD OpenSSH 4.1
    cpe:2.3:a:openbsd:openssh:4.1
  • OpenBSD OpenSSH Portable 4.1.p1
    cpe:2.3:a:openbsd:openssh:4.1p1
  • OpenBSD OpenSSH 4.2
    cpe:2.3:a:openbsd:openssh:4.2
  • OpenBSD OpenSSH Portable 4.2.p1
    cpe:2.3:a:openbsd:openssh:4.2p1
  • OpenBSD OpenSSH 4.3
    cpe:2.3:a:openbsd:openssh:4.3
  • OpenBSD OpenSSH Portable 4.3.p1
    cpe:2.3:a:openbsd:openssh:4.3p1
  • OpenBSD OpenSSH Portable 4.3.p2
    cpe:2.3:a:openbsd:openssh:4.3p2
  • OpenBSD OpenSSH 4.4
    cpe:2.3:a:openbsd:openssh:4.4
  • OpenBSD OpenSSH Portable 4.4.p1
    cpe:2.3:a:openbsd:openssh:4.4p1
  • OpenBSD OpenSSH 4.5
    cpe:2.3:a:openbsd:openssh:4.5
  • OpenBSD OpenSSH 4.6
    cpe:2.3:a:openbsd:openssh:4.6
  • OpenBSD OpenSSH 4.7
    cpe:2.3:a:openbsd:openssh:4.7
  • OpenBSD OpenSSH 4.7p1
    cpe:2.3:a:openbsd:openssh:4.7p1
  • OpenBSD OpenSSH 4.8
    cpe:2.3:a:openbsd:openssh:4.8
  • OpenBSD OpenSSH 4.9
    cpe:2.3:a:openbsd:openssh:4.9
  • OpenBSD OpenSSH 5.8
    cpe:2.3:a:openbsd:openssh:5.8
  • OpenBSD OpenSSH 5.7
    cpe:2.3:a:openbsd:openssh:5.7
  • OpenBSD OpenSSH 5.6
    cpe:2.3:a:openbsd:openssh:5.6
  • OpenBSD OpenSSH 5.5
    cpe:2.3:a:openbsd:openssh:5.5
  • OpenBSD OpenSSH 5.4
    cpe:2.3:a:openbsd:openssh:5.4
  • OpenBSD OpenSSH 5.3
    cpe:2.3:a:openbsd:openssh:5.3
  • OpenBSD OpenSSH 5.2
    cpe:2.3:a:openbsd:openssh:5.2
  • OpenBSD OpenSSH 5.1
    cpe:2.3:a:openbsd:openssh:5.1
  • OpenBSD OpenSSH 5.0
    cpe:2.3:a:openbsd:openssh:5.0
  • FreeBSD 7.3
    cpe:2.3:o:freebsd:freebsd:7.3
  • FreeBSD 8.1
    cpe:2.3:o:freebsd:freebsd:8.1
  • cpe:2.3:o:netbsd:netbsd:5.0.2
    cpe:2.3:o:netbsd:netbsd:5.0.2
  • OpenBSD 4.7
    cpe:2.3:o:openbsd:openbsd:4.7
CVSS
Base: 4.0 (as of 08-08-2014 - 17:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Denial of Service
    NASL id OPENSSH_59.NASL
    description According to its banner, the version of OpenSSH running on the remote host is prior to version 5.9. Such versions are affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the gss-serv.c 'ssh_gssapi_parse_ename' function. A remote attacker may be able to trigger this vulnerability if gssapi-with-mic is enabled to create a denial of service condition via a large value in a certain length field. (CVE-2011-5000) - On FreeBSD, NetBSD, OpenBSD, and other products, a remote, authenticated attacker could exploit the remote_glob() and process_put() functions to cause a denial of service (CPU and memory consumption). (CVE-2010-4755)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17703
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17703
    title OpenSSH < 5.9 Multiple DoS
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-06 (OpenSSH: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or bypass environment restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-13
    plugin id 73958
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73958
    title GLSA-201405-06 : OpenSSH: Multiple vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/101052/libcglob3-exhaust.txt
id PACKETSTORM:101052
last seen 2016-12-05
published 2011-05-03
reporter Maksymilian Arciemowicz
source https://packetstormsecurity.com/files/101052/Multiple-Vendors-libc-glob-3-GLOB_BRACE-GLOB_LIMIT-Memory-Exhaustion.html
title Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion
refmap via4
confirm
misc
netbsd NetBSD-SA2010-008
sreason 8116
sreasonres 20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)
Last major update 08-08-2014 - 17:01
Published 02-03-2011 - 15:00
Back to Top