CVE-2010-4816 - OpenCVE

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Openbsd

Configuration 1 [-]

OR	cpe:2.3:o:openbsd:openbsd:4.6:::::::*
	cpe:2.3:o:openbsd:openbsd:4.9:::::::*
	cpe:2.3:o:openbsd:openbsd:6.3:::::::*
	cpe:2.3:o:openbsd:openbsd:8.0:::::::*

References

Link	Resource
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761	Issue Tracking Exploit Vendor Advisory
https://seclists.org/fulldisclosure/2010/Mar/117	Mailing List Third Party Advisory Exploit
https://seclists.org/oss-sec/2011/q3/284	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-06-22T13:44:58

Updated: 2021-06-22T13:44:58

Reserved: 2011-08-19T00:00:00

Link: CVE-2010-4816

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-22T14:15:08.630

Modified: 2021-09-20T17:12:24.180

Link: CVE-2010-4816

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "FreeBSD and OpenBSD ftpd service", "vendor": "n/a", "versions": [{"status": "affected", "version": "FreeBSD 8.0, 6.3 and 4.9, OpenBSD 4.6"}]}], "descriptions": [{"lang": "en", "value": "It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-22T13:44:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/fulldisclosure/2010/Mar/117"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/oss-sec/2011/q3/284"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4816", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD and OpenBSD ftpd service", "version": {"version_data": [{"version_value": "FreeBSD 8.0, 6.3 and 4.9, OpenBSD 4.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476"}]}]}, "references": {"reference_data": [{"name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761", "refsource": "MISC", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761"}, {"name": "https://seclists.org/fulldisclosure/2010/Mar/117", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2010/Mar/117"}, {"name": "https://seclists.org/oss-sec/2011/q3/284", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2011/q3/284"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4816", "datePublished": "2021-06-22T13:44:58", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2021-06-22T13:44:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "939CCA87-89B5-4772-BA2B-440C63A5921B", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "AB05FD65-71A7-40AC-8509-E3CB9F61A901", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3326FE9E-7B44-4F41-BF89-3115E36D1FF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "86E57955-7F8A-4C5B-B183-91C655A52CD3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service."}, {"lang": "es", "value": "Se encontr\u00f3 en FreeBSD versiones 8.0, 6.3 y 4.9, y en OpenBSD versiones 4.6 que una desreferencia de puntero null en el archivo ftpd/popen.c puede conllevar a una denegaci\u00f3n de servicio remota del servicio ftpd"}], "id": "CVE-2010-4816", "lastModified": "2021-09-20T17:12:24.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-22T14:15:08.630", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Exploit", "Vendor Advisory"], "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory", "Exploit"], "url": "https://seclists.org/fulldisclosure/2010/Mar/117"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2011/q3/284"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Secondary"}]}