CVE-2010-2632

Oracle Solaris 8-11 Express - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2632. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This is a detailed writeup describing a resource exhaustion vulnerability in the glob(3) function across multiple vendors, leading to denial-of-service conditions in FTP servers and other applications. It includes technical analysis and proof-of-concept patterns but does not contain executable exploit code.

Description

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

Exploits (1)

exploitdb WRITEUP

by Maksymilian Arciemowicz · textdosmultiple

https://www.exploit-db.com/exploits/15215

View Code ZIP pw:eip

This is a detailed writeup describing a resource exhaustion vulnerability in the glob(3) function across multiple vendors, leading to denial-of-service conditions in FTP servers and other applications. It includes technical analysis and proof-of-concept patterns but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Multiple vendors' libc/glob(3) implementations (OpenBSD, NetBSD, FreeBSD, Solaris, glibc)

No auth needed

Prerequisites: Network access to vulnerable FTP server or application using glob(3) · Ability to send crafted glob patterns

MITRE ATT&CK