CVE-2010-4755

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
openbsdopenssh
𝑥
≤ 5.8
openbsdopenssh
1.2
openbsdopenssh
1.2.1
openbsdopenssh
1.2.2
openbsdopenssh
1.2.3
openbsdopenssh
1.2.27
openbsdopenssh
1.3
openbsdopenssh
1.5
openbsdopenssh
1.5.7
openbsdopenssh
1.5.8
openbsdopenssh
2.1
openbsdopenssh
2.1.1
openbsdopenssh
2.2
openbsdopenssh
2.3
openbsdopenssh
2.3.1
openbsdopenssh
2.5
openbsdopenssh
2.5.1
openbsdopenssh
2.5.2
openbsdopenssh
2.9
openbsdopenssh
2.9.9
openbsdopenssh
2.9.9p2:p2
openbsdopenssh
2.9p1:p1
openbsdopenssh
2.9p2:p2
openbsdopenssh
3.0
openbsdopenssh
3.0.1
openbsdopenssh
3.0.1p1:p1
openbsdopenssh
3.0.2
openbsdopenssh
3.0.2p1:p1
openbsdopenssh
3.0p1:p1
openbsdopenssh
3.1
openbsdopenssh
3.1p1:p1
openbsdopenssh
3.2
openbsdopenssh
3.2.2
openbsdopenssh
3.2.2p1:p1
openbsdopenssh
3.2.3p1:p1
openbsdopenssh
3.3
openbsdopenssh
3.3p1:p1
openbsdopenssh
3.4
openbsdopenssh
3.4p1:p1
openbsdopenssh
3.5
openbsdopenssh
3.5p1:p1
openbsdopenssh
3.6
openbsdopenssh
3.6.1
openbsdopenssh
3.6.1p1:p1
openbsdopenssh
3.6.1p2:p2
openbsdopenssh
3.7
openbsdopenssh
3.7.1
openbsdopenssh
3.7.1p1:p1
openbsdopenssh
3.7.1p2:p2
openbsdopenssh
3.8
openbsdopenssh
3.8.1
openbsdopenssh
3.8.1p1:p1
openbsdopenssh
3.9
openbsdopenssh
3.9.1
openbsdopenssh
3.9.1p1:p1
openbsdopenssh
4.0
openbsdopenssh
4.0p1:p1
openbsdopenssh
4.1
openbsdopenssh
4.1p1:p1
openbsdopenssh
4.2
openbsdopenssh
4.2p1:p1
openbsdopenssh
4.3
openbsdopenssh
4.3p1:p1
openbsdopenssh
4.3p2:p2
openbsdopenssh
4.4
openbsdopenssh
4.4p1:p1
openbsdopenssh
4.5
openbsdopenssh
4.6
openbsdopenssh
4.7
openbsdopenssh
4.7p1:p1
openbsdopenssh
4.8
openbsdopenssh
4.9
openbsdopenssh
5.0
openbsdopenssh
5.1
openbsdopenssh
5.2
openbsdopenssh
5.3
openbsdopenssh
5.4
openbsdopenssh
5.5
openbsdopenssh
5.6
openbsdopenssh
5.7
freebsdfreebsd
7.3
freebsdfreebsd
8.1
netbsdnetbsd
5.0.2
openbsdopenbsd
4.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1
http://cxib.net/stuff/glob-0day.c
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
http://securityreason.com/securityalert/8116
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1
http://cxib.net/stuff/glob-0day.c
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
http://securityreason.com/securityalert/8116