First published: Wed Mar 02 2011(Updated: )
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Openbsd Openssh | <=5.8 | |
Openbsd Openssh | =1.2 | |
Openbsd Openssh | =1.2.1 | |
Openbsd Openssh | =1.2.2 | |
Openbsd Openssh | =1.2.3 | |
Openbsd Openssh | =1.2.27 | |
Openbsd Openssh | =1.3 | |
Openbsd Openssh | =1.5 | |
Openbsd Openssh | =1.5.7 | |
Openbsd Openssh | =1.5.8 | |
Openbsd Openssh | =2.1 | |
Openbsd Openssh | =2.1.1 | |
Openbsd Openssh | =2.2 | |
Openbsd Openssh | =2.3 | |
Openbsd Openssh | =2.3.1 | |
Openbsd Openssh | =2.5 | |
Openbsd Openssh | =2.5.1 | |
Openbsd Openssh | =2.5.2 | |
Openbsd Openssh | =2.9 | |
Openbsd Openssh | =2.9.9 | |
Openbsd Openssh | =2.9.9p2 | |
Openbsd Openssh | =2.9p1 | |
Openbsd Openssh | =2.9p2 | |
Openbsd Openssh | =3.0 | |
Openbsd Openssh | =3.0.1 | |
Openbsd Openssh | =3.0.1p1 | |
Openbsd Openssh | =3.0.2 | |
Openbsd Openssh | =3.0.2p1 | |
Openbsd Openssh | =3.0p1 | |
Openbsd Openssh | =3.1 | |
Openbsd Openssh | =3.1p1 | |
Openbsd Openssh | =3.2 | |
Openbsd Openssh | =3.2.2 | |
Openbsd Openssh | =3.2.2p1 | |
Openbsd Openssh | =3.2.3p1 | |
Openbsd Openssh | =3.3 | |
Openbsd Openssh | =3.3p1 | |
Openbsd Openssh | =3.4 | |
Openbsd Openssh | =3.4p1 | |
Openbsd Openssh | =3.5 | |
Openbsd Openssh | =3.5p1 | |
Openbsd Openssh | =3.6 | |
Openbsd Openssh | =3.6.1 | |
Openbsd Openssh | =3.6.1p1 | |
Openbsd Openssh | =3.6.1p2 | |
Openbsd Openssh | =3.7 | |
Openbsd Openssh | =3.7.1 | |
Openbsd Openssh | =3.7.1p1 | |
Openbsd Openssh | =3.7.1p2 | |
Openbsd Openssh | =3.8 | |
Openbsd Openssh | =3.8.1 | |
Openbsd Openssh | =3.8.1p1 | |
Openbsd Openssh | =3.9 | |
Openbsd Openssh | =3.9.1 | |
Openbsd Openssh | =3.9.1p1 | |
Openbsd Openssh | =4.0 | |
Openbsd Openssh | =4.0p1 | |
Openbsd Openssh | =4.1 | |
Openbsd Openssh | =4.1p1 | |
Openbsd Openssh | =4.2 | |
Openbsd Openssh | =4.2p1 | |
Openbsd Openssh | =4.3 | |
Openbsd Openssh | =4.3p1 | |
Openbsd Openssh | =4.3p2 | |
Openbsd Openssh | =4.4 | |
Openbsd Openssh | =4.4p1 | |
Openbsd Openssh | =4.5 | |
Openbsd Openssh | =4.6 | |
Openbsd Openssh | =4.7 | |
Openbsd Openssh | =4.7p1 | |
Openbsd Openssh | =4.8 | |
Openbsd Openssh | =4.9 | |
Openbsd Openssh | =5.0 | |
Openbsd Openssh | =5.1 | |
Openbsd Openssh | =5.2 | |
Openbsd Openssh | =5.3 | |
Openbsd Openssh | =5.4 | |
Openbsd Openssh | =5.5 | |
Openbsd Openssh | =5.6 | |
Openbsd Openssh | =5.7 | |
FreeBSD FreeBSD | =7.3 | |
FreeBSD FreeBSD | =8.1 | |
NetBSD NetBSD | =5.0.2 | |
Openbsd Openbsd | =4.7 |
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.