http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598

42984

43433

55212

20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)

20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

1024975

ADV-2011-0151

solaris-ftp-dos(64798)

https://support.avaya.com/css/P8/documents/100127892

According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw in the glob implementation in libc. An authenticated, remote attacker can exploit this, via a crafted glob expression that does not match any pathnames, to cause a denial of service condition through consumption of CPU and memory resources.

Problem description :

GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient.

The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components :

  - App Store
  - ATS
  - Certificate Trust Policy
  - CoreFoundation
  - CoreGraphics
  - FTP Server
  - ImageIO
  - International Components for Unicode
  - Kernel
  - Libsystem
  - libxslt
  - MobileMe
  - MySQL
  - OpenSSL
  - patch
  - QuickLook
  - QuickTime
  - Samba
  - servermgrd
  - subversion

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components :

  - AirPort
  - App Store
  - ColorSync
  - CoreGraphics
  - ImageIO
  - Libsystem
  - libxslt
  - MySQL
  - patch
  - Samba
  - servermgrd
  - subversion

Versions of Mac OS X 10.6 earlier than 10.6.8 are potentially affected by a security issue.  Mac OS X 10.6.8 contains a security fix for the following products :

  - App Store

  - ATS

  - Certificate Trust Policy

  - CoreFoundation

  - CoreGraphics

  - FTP Server

  - ImageIO

  - International Components for Unicode

  - Kernel

  - Libsystem

  - libxslt

  - MobileMe

  - MySQL

  - OpenSSL

  - patch

  - QuickLook

  - QuickTime

  - Samba

  - servermgrd

  - subversion
IAVA Reference : 2011-A-0160
IAVB Reference : 2012-B-0038
STIG Finding Severity : Category I

Versions of Mac OS X 10.6 earlier than 10.6.8 are potentially affected by a security issue.  Mac OS X 10.6.8 contains a security fix for the following products :

  - App Store

  - ATS

  - Certificate Trust Policy

  - CoreFoundation

  - CoreGraphics

  - FTP Server

  - ImageIO

  - International Components for Unicode

  - Kernel

  - Libsystem

  - libxslt

  - MobileMe

  - MySQL

  - OpenSSL

  - patch

  - QuickLook

  - QuickTime

  - Samba

  - servermgrd

  - subversion

SunOS 5.9_x86: /usr/sbin/in.ftpd Patch.
Date this patch was last updated by Sun : Dec/06/10

SunOS 5.9: /usr/sbin/in.ftpd Patch.
Date this patch was last updated by Sun : Dec/06/10

ID	Name	Product	Family	Severity
70481	Juniper Junos GNU libc glob Remote DoS (JSA10598)	Nessus	Junos Local Security Checks	medium
64791	FreeBSD : FreeBSD -- glob(3) related resource exhaustion (3c90e093-7c6e-11e2-809b-6c626d99876c)	Nessus	FreeBSD Local Security Checks	high
55416	Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
55415	Mac OS X Multiple Vulnerabilities (Security Update 2011-004)	Nessus	MacOS X Local Security Checks	high
800790	Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high
5968	Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
13605	Solaris 9 (x86) : 114565-16	Nessus	Solaris Local Security Checks	high
13555	Solaris 9 (sparc) : 114564-16	Nessus	Solaris Local Security Checks	high

CVE-2010-2632

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium

high

critical

high

high

critical

high

high