CVE-2010-1938

Severity

93%

Complexity

86%

Confidentiality

165%

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

FreeBSD

First reported 15 years ago

2010-05-28 18:30:00

Last updated 13 years ago

2011-07-29 02:37:00

Affected Software

FreeBSD 6.4

6.4

FreeBSD 7.0

7.0

FreeBSD 7.1

7.1

FreeBSD 7.1 Release Candidate 1

7.1

FreeBSD 7.2

7.2

FreeBSD 8.0

8.0

References

http://blog.pi3.com.pl/?p=111

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932

39963

Vendor Advisory

39966

Vendor Advisory

45136

FreeBSD-SA-10:05

Vendor Advisory

20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)

7450

1024040

1025709

http://site.pi3.com.pl/adv/libopie-adv.txt

DSA-2281

12762

40403

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.