Lucene search

K

[email protected]NVD:CVE-2010-4754

HistoryMar 02, 2011 - 8:00 p.m.

CVE-2010-4754

2011-03-0220:00:00

CWE-399

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.323 Low

EPSS

Percentile

97.0%

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Affected configurations

NVD

Node

applemac_os_xRange≤10.6.7

OR

freebsdfreebsdMatch7.3

OR

freebsdfreebsdMatch8.1

OR

netbsdnetbsdMatch5.0.2

OR

openbsdopenbsdMatch4.7

References

cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1

cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.c#rev1.18.10.1

cxib.net/stuff/glob-0day.c

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc

lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

securityreason.com/achievement_securityalert/89

securityreason.com/exploitalert/9223

securityreason.com/securityalert/8116

support.apple.com/kb/HT4723

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.323 Low

EPSS

Percentile

97.0%

Related for NVD:CVE-2010-4754

prion5 cve5 cvelist5 securityvulns9 packetstorm3 nessus9 openvas5 freebsd_advisory1 exploitpack2 seebug2 freebsd1 nvd4 thn1 exploitdb2 ubuntucve2 debiancve2 f52 oracle1