Displaying 1 result from an estimated 1 matches for "sa2010".
2011 Mar 04
2
remote DoS in sftp via crafted glob expressions (CVE-2010-4755)
...glob-0day.c
http://securityreason.com/exploitalert/9223
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1
http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
https://bugzilla.redhat.com/show_bug.cgi?id=681698
I did try on a Red Hat Enterprise Linux 6 system and did see that
sftp-server and sshd were consistently consuming about 20% and 25% CPU
respectively for the one crafted ls command:
sftp> ls {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{...