CVE-2010-2632

Severity

78%

Complexity

99%

Confidentiality

115%

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Sun SunOS

First reported 14 years ago

2011-01-19 16:00:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

Sun SunOS (Solaris 8) 5.8

5.8

Sun SunOS (Solaris 9) 5.9

5.9

Sun SunOS (Solaris 10) 5.10

5.10

Sun SunOS (formerly Solaris 11) 5.11 Express

5.11

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598

42984

43433

55212

20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)

20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Vendor Advisory

1024975

ADV-2011-0151

solaris-ftp-dos(64798)

https://support.avaya.com/css/P8/documents/100127892

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.