CVE-2010-4754

Name of the Vulnerable Software and Affected Versions FreeBSD versions 7.3 through 8.1 NetBSD version 5.0.2 OpenBSD version 4.7 Apple Mac OS X versions prior to 10.6.8

Description The issue allows remote authenticated users to cause a denial of service, consuming CPU and memory resources, via crafted glob expressions that do not match any pathnames. This can be demonstrated by using glob expressions in STAT commands to an FTP daemon.

Recommendations For FreeBSD versions 7.3 through 8.1, consider restricting access to the glob implementation until a patch is available. For NetBSD version 5.0.2, avoid using crafted glob expressions in STAT commands to an FTP daemon. For OpenBSD version 4.7, restrict access to the glob implementation to minimize the risk of exploitation. For Apple Mac OS X versions prior to 10.6.8, update to version 10.6.8 or later to resolve the issue.