ID CVE-2010-2632
Summary Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.11:*:express:*:*:*:*:*
CVSS
Base: 7.8 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
confirm
sectrack 1024975
secunia
  • 42984
  • 43433
  • 55212
sreasonres
  • 20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)
  • 20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion
vupen ADV-2011-0151
xf solaris-ftp-dos(64798)
Last major update 17-08-2017 - 01:32
Published 19-01-2011 - 16:00
Last modified 17-08-2017 - 01:32