CVE-2010-2632 - OpenCVE

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Sunos

Configuration 1 [-]

OR	cpe:2.3:o:sun:sunos:5.8:::::::*
	cpe:2.3:o:sun:sunos:5.9:::::::*
	cpe:2.3:o:sun:sunos:5.10:::::::*
	cpe:2.3:o:sun:sunos:5.11::express:::::

No data.

References

Link	Providers
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598
http://secunia.com/advisories/42984
http://secunia.com/advisories/43433
http://secunia.com/advisories/55212
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/achievement_securityalert/97
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.securitytracker.com/id?1024975
http://www.vupen.com/english/advisories/2011/0151
https://exchange.xforce.ibmcloud.com/vulnerabilities/64798
https://support.avaya.com/css/P8/documents/100127892

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-01-19T15:00:00

Updated: 2024-08-07T02:39:37.480Z

Reserved: 2010-07-06T00:00:00

Link: CVE-2010-2632

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-01-19T16:00:02.263

Modified: 2017-08-17T01:32:46.557

Link: CVE-2010-2632

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "55212", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55212"}, {"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/89"}, {"name": "43433", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43433"}, {"name": "solaris-ftp-dos(64798)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"name": "42984", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42984"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.avaya.com/css/P8/documents/100127892"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "1024975", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024975"}, {"name": "ADV-2011-0151", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2632", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55212", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55212"}, {"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/89"}, {"name": "43433", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43433"}, {"name": "solaris-ftp-dos(64798)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"name": "42984", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42984"}, {"name": "https://support.avaya.com/css/P8/documents/100127892", "refsource": "CONFIRM", "url": "https://support.avaya.com/css/P8/documents/100127892"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "1024975", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024975"}, {"name": "ADV-2011-0151", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:39:37.480Z"}, "title": "CVE Program Container", "references": [{"name": "55212", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55212"}, {"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)", "tags": ["third-party-advisory", "x_refsource_SREASONRES", "x_transferred"], "url": "http://securityreason.com/achievement_securityalert/89"}, {"name": "43433", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43433"}, {"name": "solaris-ftp-dos(64798)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"name": "42984", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42984"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.avaya.com/css/P8/documents/100127892"}, {"name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", "tags": ["third-party-advisory", "x_refsource_SREASONRES", "x_transferred"], "url": "http://securityreason.com/achievement_securityalert/97"}, {"name": "1024975", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024975"}, {"name": "ADV-2011-0151", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2632", "datePublished": "2011-01-19T15:00:00", "dateReserved": "2010-07-06T00:00:00", "dateUpdated": "2024-08-07T02:39:37.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "A1E585DC-FC74-4BB0-96B7-C00B6DB610DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.11:*:express:*:*:*:*:*", "matchCriteriaId": "48FF14E0-E332-4BD4-827B-D5D13509FBEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames."}, {"lang": "es", "value": "Vulnerabilidad no especificada en FTP Server para Oracle Solaris v8, v9, v10, v11 y Express permite a atacantes remotos afectar a la disponibilidad, relacionado con FTP."}], "id": "CVE-2010-2632", "lastModified": "2017-08-17T01:32:46.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-19T16:00:02.263", "references": [{"source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42984"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43433"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/55212"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/achievement_securityalert/89"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/achievement_securityalert/97"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024975"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0151"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64798"}, {"source": "cve@mitre.org", "url": "https://support.avaya.com/css/P8/documents/100127892"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}