Project

General

Profile

Bug #1102

Resource exhaustion in sftp client

Added by Gary Mills over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
cmd - userland programs
Start date:
2011-06-10
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

CVE-2010-4755 refers to a resource exhaustion vulnerability in the BSD glob library.
This code is not part of the Illumos/Solaris glob library, but is part of a private library
used by the sftp client. Note that this is not a security issue because it's only on the
client side.

It has been corrected in BSD variants by enhancing the function of the GLOB_LIMIT
flag option.

History

#1

Updated by Gary Mills over 8 years ago

I've submitted an RTI for this bug.
So far, nobody has offered to integrate it.

#2

Updated by Rich Lowe over 8 years ago

  • Category set to cmd - userland programs
  • Status changed from New to Resolved
  • % Done changed from 0 to 100
  • Tags deleted (needs-triage)

Resolved in r13433 commit:1fde68f76cc6

Also available in: Atom PDF