Vulnerability Name:

CVE-2010-4755 (CCN-65910)

Assigned:2010-10-07
Published:2010-10-07
Updated:2014-08-08
Summary:The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2010-4755

Source: CONFIRM
Type: Patch
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1

Source: CONFIRM
Type: Patch
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1

Source: MISC
Type: Exploit
http://cxib.net/stuff/glob-0day.c

Source: CCN
Type: NetBSD-SA2010-008
sftp(1)/ftp(1)/glob(3) related resource exhaustion

Source: NETBSD
Type: Vendor Advisory
NetBSD-SA2010-008

Source: SREASONRES
Type: Exploit
20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)

Source: MISC
Type: Exploit
http://securityreason.com/exploitalert/9223

Source: SREASON
Type: UNKNOWN
8116

Source: CCN
Type: OpenSSH Web Site
OpenSSH 5.8 has just been released

Source: CCN
Type: BID-68757
OpenSSH Multiple Remote Denial of Service Vulnerabilities

Source: XF
Type: UNKNOWN
openssh-remoteglob-dos(65910)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:* (Version <= 5.8)
  • AND
  • cpe:/o:freebsd:freebsd:7.3:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:8.1:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:4.7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.8:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:8.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.3:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.8:-:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:4.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openbsd openssh 1.2
    openbsd openssh 1.2.1
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.3
    openbsd openssh 1.5
    openbsd openssh 1.5.7
    openbsd openssh 1.5.8
    openbsd openssh 2.1
    openbsd openssh 2.1.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.3.1
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.5.2
    openbsd openssh 2.9
    openbsd openssh 2.9.9
    openbsd openssh 2.9.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9p2
    openbsd openssh 3.0
    openbsd openssh 3.0.1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.2
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0p1
    openbsd openssh 3.1
    openbsd openssh 3.1p1
    openbsd openssh 3.2
    openbsd openssh 3.2.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3
    openbsd openssh 3.3p1
    openbsd openssh 3.4
    openbsd openssh 3.4p1
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1p2
    openbsd openssh 3.7
    openbsd openssh 3.7.1
    openbsd openssh 3.7.1p1
    openbsd openssh 3.7.1p2
    openbsd openssh 3.8
    openbsd openssh 3.8.1
    openbsd openssh 3.8.1p1
    openbsd openssh 3.9
    openbsd openssh 3.9.1
    openbsd openssh 3.9.1p1
    openbsd openssh 4.0
    openbsd openssh 4.0p1
    openbsd openssh 4.1
    openbsd openssh 4.1p1
    openbsd openssh 4.2
    openbsd openssh 4.2p1
    openbsd openssh 4.3
    openbsd openssh 4.3p1
    openbsd openssh 4.3p2
    openbsd openssh 4.4
    openbsd openssh 4.4p1
    openbsd openssh 4.5
    openbsd openssh 4.6
    openbsd openssh 4.7
    openbsd openssh 4.7p1
    openbsd openssh 4.8
    openbsd openssh 4.9
    openbsd openssh 5.0
    openbsd openssh 5.1
    openbsd openssh 5.2
    openbsd openssh 5.3
    openbsd openssh 5.4
    openbsd openssh 5.5
    openbsd openssh 5.6
    openbsd openssh 5.7
    openbsd openssh *
    freebsd freebsd 7.3
    freebsd freebsd 8.1
    netbsd netbsd 5.0.2
    openbsd openbsd 4.7
    openbsd openssh 2.1.1
    openbsd openssh 2.3.1
    openbsd openssh 3.0
    openbsd openssh 3.2.2
    openbsd openssh 3.4
    openbsd openssh 4.0
    openbsd openssh 4.4
    openbsd openssh 4.6
    openbsd openssh 4.5
    openbsd openssh 3.0.2
    openbsd openssh 3.1
    openbsd openssh 3.2
    openbsd openssh 3.3
    openbsd openssh 3.5
    openbsd openssh 3.6
    openbsd openssh 3.6.1
    openbsd openssh 3.7.1
    openbsd openssh 3.8
    openbsd openssh 3.9
    openbsd openssh 2.9.9
    openbsd openssh 4.3
    openbsd openssh 4.2
    openbsd openssh 3.2.3p1
    openbsd openssh 4.7
    openbsd openssh 4.9
    openbsd openssh 4.1
    openbsd openssh 1.2
    openbsd openssh 4.0
    openbsd openssh 4.8
    freebsd freebsd 8.1 -
    freebsd freebsd 7.3 -
    netbsd netbsd 5.0.2
    openbsd openssh 5.0
    openbsd openssh 5.6
    openbsd openssh 5.5
    openbsd openssh 5.4
    openbsd openssh 5.3
    openbsd openssh 5.2
    openbsd openssh 5.1
    openbsd openssh 5.7
    openbsd openssh 5.8
    openbsd openbsd 4.7