#VU45458 Resource management error in Glibc - CVE-2010-4052
Vulnerability identifier: #VU45458
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Glibc
Universal components / Libraries /
Libraries used by multiple products
Vendor: GNU
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Glibc: 1.00 - 2.12.2
External links
https://cxib.net/stuff/proftpd.gnu.c
https://seclists.org/fulldisclosure/2011/Jan/78
https://secunia.com/advisories/42547
https://securityreason.com/achievement_securityalert/93
https://securityreason.com/securityalert/8003
https://securitytracker.com/id?1024832
https://www.exploit-db.com/exploits/15935
https://www.kb.cert.org/vuls/id/912279
https://www.securityfocus.com/archive/1/515589/100/0/threaded
https://www.securityfocus.com/bid/45233
https://bugzilla.redhat.com/show_bug.cgi?id=645859
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
