CVE-2010-2632 - OpenCVE

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Sunos

Configuration 1 [-]

OR	cpe:2.3:o:sun:sunos:5.8:::::::*
	cpe:2.3:o:sun:sunos:5.9:::::::*
	cpe:2.3:o:sun:sunos:5.10:::::::*
	cpe:2.3:o:sun:sunos:5.11::express:::::

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598
http://secunia.com/advisories/42984
http://secunia.com/advisories/43433
http://secunia.com/advisories/55212
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/achievement_securityalert/97
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Vendor Advisory
http://www.securitytracker.com/id?1024975
http://www.vupen.com/english/advisories/2011/0151
https://exchange.xforce.ibmcloud.com/vulnerabilities/64798
https://support.avaya.com/css/P8/documents/100127892

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-01-19T15:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-07-06T00:00:00

Link: CVE-2010-2632

JSON object: View

NVD Information

Status : Modified

Published: 2011-01-19T16:00:02.263

Modified: 2017-08-17T01:32:46.557

Link: CVE-2010-2632

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "55212", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55212"}, {"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/89"}, {"name": "43433", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43433"}, {"name": "solaris-ftp-dos(64798)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"name": "42984", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42984"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.avaya.com/css/P8/documents/100127892"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "1024975", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024975"}, {"name": "ADV-2011-0151", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2632", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55212", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55212"}, {"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/89"}, {"name": "43433", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43433"}, {"name": "solaris-ftp-dos(64798)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"name": "42984", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42984"}, {"name": "https://support.avaya.com/css/P8/documents/100127892", "refsource": "CONFIRM", "url": "https://support.avaya.com/css/P8/documents/100127892"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "1024975", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024975"}, {"name": "ADV-2011-0151", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2632", "datePublished": "2011-01-19T15:00:00", "dateReserved": "2010-07-06T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.11:*:express:*:*:*:*:*", "matchCriteriaId": "48FF14E0-E332-4BD4-827B-D5D13509FBEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."}, {"lang": "es", "value": "Vulnerabilidad no especificada en FTP Server para Oracle Solaris v8, v9, v10, v11 y Express permite a atacantes remotos afectar a la disponibilidad, relacionado con FTP."}], "id": "CVE-2010-2632", "lastModified": "2017-08-17T01:32:46.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-19T16:00:02.263", "references": [{"source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42984"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43433"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/55212"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/achievement_securityalert/89"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/achievement_securityalert/97"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024975"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"source": "cve@mitre.org", "url": "https://support.avaya.com/css/P8/documents/100127892"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}