Vulnerability Details : CVE-2010-2632
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
Vulnerability category: Denial of service
Threat overview for CVE-2010-2632
Top open port discovered on systems with this issue: 554
IPs affected by CVE-2010-2632: 2
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-2632
Probability of exploitation activity in the next 30 days: 32.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~96%
CVSS scores for CVE-2010-2632
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST |
References for CVE-2010-2632
- https://support.avaya.com/css/P8/documents/100127892
  ASA-2011-040
- http://securityreason.com/achievement_securityalert/89
  Multiple Vendors libc/glob(3) remote ftpd resource exhaustion - CXSecurity.com
- http://www.securitytracker.com/id?1024975
  Solaris Multiple Flaws Let Remote Users Gain Full Control and Local Users Partially Access and Modify Data and Deny Service - SecurityTracker
- http://securityreason.com/achievement_securityalert/97
  Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion - CXSecurity.com
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64798
  Oracle Solaris FTP denial of service CVE-2010-2632 Vulnerability Report
- http://www.vupen.com/english/advisories/2011/0151
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598
  Juniper Networks - 2013-10 Security Bulletin: Junos: GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability (CVE-2010-2632)
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
  Oracle Critical Patch Update - January 2011 (Vendor Advisory)
Products affected by CVE-2010-2632
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.11:*:express:*:*:*:*:*