CVE-2010-4755

Published: 02/03/2011 Updated: 08/08/2014
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and previous versions, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.

Vulnerable Product

openbsd openssh 1.2.27

openbsd openssh 1.2.3

openbsd openssh 1.3

openbsd openssh 1.5

openbsd openssh 2.9.9p2

openbsd openssh 2.9p1

openbsd openssh 2.9p2

openbsd openssh 3.0

openbsd openssh 3.0.1

openbsd openssh 3.4

openbsd openssh 3.4p1

openbsd openssh 3.5

openbsd openssh 3.5p1

openbsd openssh 3.9.1p1

openbsd openssh 4.0

openbsd openssh 4.0p1

openbsd openssh 4.1

openbsd openssh 4.9

openbsd openssh

openbsd openssh 5.7

openbsd openssh 5.6

openbsd openssh 1.2.1

openbsd openssh 1.5.8

openbsd openssh 2.1.1

openbsd openssh 2.5.1

openbsd openssh 2.9

openbsd openssh 3.0.1p1

openbsd openssh 3.0.2p1

openbsd openssh 3.2.3p1

openbsd openssh 3.3p1

openbsd openssh 3.6

openbsd openssh 3.6.1p1

openbsd openssh 3.7

openbsd openssh 3.8.1

openbsd openssh 3.9

openbsd openssh 4.2

openbsd openssh 4.3

openbsd openssh 4.5

openbsd openssh 4.7

openbsd openssh 4.8

openbsd openssh 5.5

openbsd openssh 5.3

openbsd openssh 2.2

openbsd openssh 2.3

openbsd openssh 2.3.1

openbsd openssh 2.5

openbsd openssh 3.1

openbsd openssh 3.1p1

openbsd openssh 3.2

openbsd openssh 3.2.2

openbsd openssh 3.7.1

openbsd openssh 3.7.1p1

openbsd openssh 3.7.1p2

openbsd openssh 3.8

openbsd openssh 4.3p1

openbsd openssh 4.3p2

openbsd openssh 4.4

openbsd openssh 4.4p1

openbsd openssh 5.1

openbsd openssh 5.0

openbsd openssh 1.2

openbsd openssh 1.2.2

openbsd openssh 1.5.7

openbsd openssh 2.1

openbsd openssh 2.5.2

openbsd openssh 2.9.9

openbsd openssh 3.0.2

openbsd openssh 3.0p1

openbsd openssh 3.2.2p1

openbsd openssh 3.3

openbsd openssh 3.6.1

openbsd openssh 3.6.1p2

openbsd openssh 3.8.1p1

openbsd openssh 3.9.1

openbsd openssh 4.1p1

openbsd openssh 4.2p1

openbsd openssh 4.6

openbsd openssh 4.7p1

openbsd openssh 5.4

openbsd openssh 5.2

netbsd netbsd 5.0.2

freebsd freebsd 7.3

freebsd freebsd 8.1

openbsd openbsd 4.7

Exploits

Multiple vendors are affected by a memory exhaustion vulnerability in libc/glob(3) GLOB_BRACE|GLOB_LIMIT ...