Vulnerability CVE-2010-4051 - CERT Civis.Net

Vulnerability Name:

CVE-2010-4051 (CCN-63944)

Assigned:

2010-12-07

Published:

2010-12-07

Updated:

2021-06-18

Summary:

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2010-4051

Source: MITRE
Type: CNA
CVE-2010-4052

Source: MISC
Type: Patch
http://cxib.net/stuff/proftpd.gnu.c

Source: CCN
Type: JSA10612
GNU libc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability (CVE-2010-4051, CVE-2010-4052)

Source: CCN
Type: Packetstorm Security Web Site
Joomla 1.5.22 Cross Site Scripting

Source: FULLDISC
Type: Exploit
20110107 GNU libc/regcomp(3) Multiple Vulnerabilities

Source: CCN
Type: SA42547
GNU C Library regcomp() Stack Overflow Denial of Service

Source: SECUNIA
Type: Vendor Advisory
42547

Source: CCN
Type: SA56375
Juniper JunOS Multiple Vulnerabilities

Source: SREASONRES
Type: Exploit
20110107 GNU libc/regcomp(3) Multiple Vulnerabilities

Source: SREASON
Type: Exploit
8003

Source: CCN
Type: SECTRACK ID: 1024832
GNU Glibc Stack Exhaustion Flaw in regcomp() Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1024832

Source: EXPLOIT-DB
Type: UNKNOWN
15935

Source: CCN
Type: GNU C Library Web page
GNC C Library - GNU Project - Free Software Foundation (FSF)

Source: CCN
Type: US-CERT VU#912279
GNU libc regcomp() stack exhaustion denial of service

Source: CERT-VN
Type: US Government Resource
VU#912279

Source: CCN
Type: OSVDB ID: 70446
GNU C Library (glibc) regcomp() Function Regex Bounded Repetition RE_DUP_MAX Limitation Bypass DoS

Source: CCN
Type: OSVDB ID: 70447
GNU C Library (glibc) regcomp() Function Regex Adjacent Repetition Operator DoS

Source: BUGTRAQ
Type: UNKNOWN
20110107 GNU libc/regcomp(3) Multiple Vulnerabilities

Source: BID
Type: Exploit
45233

Source: CCN
Type: BID-45233
GNU glibc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability

Source: MISC
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=645859

Source: XF
Type: UNKNOWN
gnuclibrary-regcomp-dos(63944)

Source: MLIST
Type: UNKNOWN
[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-07-2011]

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:glibc:1.04:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.03:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.12.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.11:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.11.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.09.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.00:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.08:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.07:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.11.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.02:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.09:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.11.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.01:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.05:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:1.06:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.12.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.12.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:glibc:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.7:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.6:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.8:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.9:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:glibc:2.10.1:*:*:*:*:*:*:*

AND

cpe:/o:juniper:junos:10.0:*:*:*:*:*:*:*

OR cpe:/o:juniper:junos:11.1:*:*:*:*:*:*:*

OR cpe:/o:juniper:junos:12.1:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:13.1:-:*:*:*:*:*:*

Denotes that component is vulnerable