CVE-2010-4755

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 6.6 p1-r1 OpenSSH version 5.8 and earlier

Description The issue affects the openssh package in Gentoo Linux and other products, allowing remote exploitation that may lead to breaches of confidentiality, integrity, and availability of protected information. Specifically, the remote glob function in sftp-glob.c and the process put function in sftp.c in OpenSSH 5.8 and earlier allow remote authenticated users to cause a denial of service via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH FXP STAT requests to an sftp daemon.

Recommendations For OpenSSH versions prior to 6.6 p1-r1, update to version 6.6 p1-r1 or later to resolve the issue. For OpenSSH version 5.8 and earlier, consider disabling the remote glob function and the process put function as a temporary workaround until a patch is available. Restrict access to the sftp daemon to minimize the risk of exploitation.