Displaying 1 result from an estimated 1 matches for "ssh_fxp_stat".
Did you mean:
ssh_fxp_status
2011 Mar 04
2
remote DoS in sftp via crafted glob expressions (CVE-2010-4755)
...in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3
and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote
authenticated users to cause a denial of service (CPU and memory
consumption) via crafted glob expressions that do not match any
pathnames, as demonstrated by glob expressions in SSH_FXP_STAT
requests to an sftp daemon, a different vulnerability than
CVE-2010-2632.
This looks to have been corrected in NetBSD, but I don't know how
portable their fix is. Here are some references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755
http://securityreason.com/achievement_secu...