ID

VAR-201103-0141


CVE

CVE-2010-4754


TITLE

Denial-of-service (DoS) vulnerability in the glob implementation of libc used in FreeBSD and other systems

Trust: 0.8

sources: JVNDB: JVNDB-2011-003973

DESCRIPTION

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. The libc used in FreeBSD, NetBSD, OpenBSD and other systems, and Libsystem in Apple Mac OS X, contain a vulnerability that leads to a denial-of-service (CPU and memory consumption) condition. This is a different vulnerability from CVE-2010-2632. A remote authenticated user may be able to cause a denial of service (CPU and memory consumption) through crafted glob expressions that do not match any pathname. OpenBSD, NetBSD, and FreeBSD are all popular BSD operating systems, which are derivative systems of Unix. Vulnerabilities exist in the glob implementation in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7.

Trust: 1.71

sources: NVD: CVE-2010-4754 // JVNDB: JVNDB-2011-003973 // VULHUB: VHN-47359

AFFECTED PRODUCTS

vendor: netbsd // model: netbsd // scope: eq // version: 5.0.2

Trust: 1.6

vendor: openbsd // model: openbsd // scope: eq // version: 4.7

Trust: 1.0

vendor: apple // model: mac os x // scope: lte // version: 10.6.7

Trust: 1.0

vendor: freebsd // model: freebsd // scope: eq // version: 7.3

Trust: 1.0

vendor: freebsd // model: freebsd // scope: eq // version: 8.1

Trust: 1.0

vendor: freebsd // model: freebsd // scope: eq // version: 5.3 7.3 to 8.1

Trust: 0.8

vendor: netbsd // model: netbsd // scope: eq // version: 1.5 5.0.2

Trust: 0.8

vendor: openbsd // model: openbsd // scope: eq // version: 3.4 4.7

Trust: 0.8

vendor: apple // model: mac os x // scope: lt // version: 10.6.8

Trust: 0.8

sources: JVNDB: JVNDB-2011-003973 // CNNVD: CNNVD-201103-035 // NVD: CVE-2010-4754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4754
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4754
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201103-035
value: MEDIUM

Trust: 0.6

VULHUB: VHN-47359
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4754
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47359
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-47359 // JVNDB: JVNDB-2011-003973 // CNNVD: CNNVD-201103-035 // NVD: CVE-2010-4754

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-47359 // JVNDB: JVNDB-2011-003973 // NVD: CVE-2010-4754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201103-035

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201103-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003973

PATCH

title: HT4723 // url: http://support.apple.com/kb/HT4723

Trust: 0.8

title: Top Page // url: http://www.freebsd.org/

Trust: 0.8

title: NetBSD-SA2010-008 // url: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc

Trust: 0.8

title: Top Page // url: http://www.openbsd.org/

Trust: 0.8

title: 9223.0 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39531

Trust: 0.6

title: plain // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39533

Trust: 0.6

title: plain // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39532

Trust: 0.6

sources: JVNDB: JVNDB-2011-003973 // CNNVD: CNNVD-201103-035

EXTERNAL IDS

db: NVD // id: CVE-2010-4754

Trust: 2.5

db: SREASON // id: 8116

Trust: 1.1

db: JVNDB // id: JVNDB-2011-003973

Trust: 0.8

db: CNNVD // id: CNNVD-201103-035

Trust: 0.7

db: SREASONRES // id: 20101007 MULTIPLE VENDORS LIBC/GLOB(3) RESOURCE EXHAUSTION (+0DAY REMOTE FTPD-ANON)

Trust: 0.6

db: NETBSD // id: NETBSD-SA2010-008

Trust: 0.6

db: VULHUB // id: VHN-47359

Trust: 0.1

sources: VULHUB: VHN-47359 // JVNDB: JVNDB-2011-003973 // CNNVD: CNNVD-201103-035 // NVD: CVE-2010-4754

REFERENCES

url:http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1

Trust: 1.7

url:http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.c#rev1.18.10.1

Trust: 1.7

url:http://cxib.net/stuff/glob-0day.c

Trust: 1.7

url:http://securityreason.com/exploitalert/9223

Trust: 1.7

url:http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-008.txt.asc

Trust: 1.7

url:http://securityreason.com/achievement_securityalert/89

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html

Trust: 1.1

url:http://support.apple.com/kb/ht4723

Trust: 1.1

url:http://securityreason.com/securityalert/8116

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4754

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4754

Trust: 0.8

sources: VULHUB: VHN-47359 // JVNDB: JVNDB-2011-003973 // CNNVD: CNNVD-201103-035 // NVD: CVE-2010-4754

SOURCES

db: VULHUB // id: VHN-47359
db: JVNDB // id: JVNDB-2011-003973
db: CNNVD // id: CNNVD-201103-035
db: NVD // id: CVE-2010-4754

LAST UPDATE DATE

2024-08-14T12:46:29.450000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-47359 // date: 2011-09-21T00:00:00
db: JVNDB // id: JVNDB-2011-003973 // date: 2012-03-27T00:00:00
db: CNNVD // id: CNNVD-201103-035 // date: 2011-03-03T00:00:00
db: NVD // id: CVE-2010-4754 // date: 2011-09-21T04:00:00

SOURCES RELEASE DATE

db: VULHUB // id: VHN-47359 // date: 2011-03-02T00:00:00
db: JVNDB // id: JVNDB-2011-003973 // date: 2012-03-27T00:00:00
db: CNNVD // id: CNNVD-201103-035 // date: 2011-03-03T00:00:00
db: NVD // id: CVE-2010-4754 // date: 2011-03-02T20:00:00.927