Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-4755

Disclosure Date: March 02, 2011
CVE-2010-4755
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • freebsd,
  • netbsd,
  • openbsd

Products

  • freebsd 7.3,
  • freebsd 8.1,
  • netbsd 5.0.2,
  • openbsd 4.7,
  • openssh,
  • openssh 1.2,
  • openssh 1.2.1,
  • openssh 1.2.2,
  • openssh 1.2.27,
  • openssh 1.2.3,
  • openssh 1.3,
  • openssh 1.5,
  • openssh 1.5.7,
  • openssh 1.5.8,
  • openssh 2.1,
  • openssh 2.1.1,
  • openssh 2.2,
  • openssh 2.3,
  • openssh 2.3.1,
  • openssh 2.5,
  • openssh 2.5.1,
  • openssh 2.5.2,
  • openssh 2.9,
  • openssh 2.9.9,
  • openssh 2.9.9p2,
  • openssh 2.9p1,
  • openssh 2.9p2,
  • openssh 3.0,
  • openssh 3.0.1,
  • openssh 3.0.1p1,
  • openssh 3.0.2,
  • openssh 3.0.2p1,
  • openssh 3.0p1,
  • openssh 3.1,
  • openssh 3.1p1,
  • openssh 3.2,
  • openssh 3.2.2,
  • openssh 3.2.2p1,
  • openssh 3.2.3p1,
  • openssh 3.3,
  • openssh 3.3p1,
  • openssh 3.4,
  • openssh 3.4p1,
  • openssh 3.5,
  • openssh 3.5p1,
  • openssh 3.6,
  • openssh 3.6.1,
  • openssh 3.6.1p1,
  • openssh 3.6.1p2,
  • openssh 3.7,
  • openssh 3.7.1,
  • openssh 3.7.1p1,
  • openssh 3.7.1p2,
  • openssh 3.8,
  • openssh 3.8.1,
  • openssh 3.8.1p1,
  • openssh 3.9,
  • openssh 3.9.1,
  • openssh 3.9.1p1,
  • openssh 4.0,
  • openssh 4.0p1,
  • openssh 4.1,
  • openssh 4.1p1,
  • openssh 4.2,
  • openssh 4.2p1,
  • openssh 4.3,
  • openssh 4.3p1,
  • openssh 4.3p2,
  • openssh 4.4,
  • openssh 4.4p1,
  • openssh 4.5,
  • openssh 4.6,
  • openssh 4.7,
  • openssh 4.7p1,
  • openssh 4.8,
  • openssh 4.9,
  • openssh 5.0,
  • openssh 5.1,
  • openssh 5.2,
  • openssh 5.3,
  • openssh 5.4,
  • openssh 5.5,
  • openssh 5.6,
  • openssh 5.7
Technical Analysis