9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.869 High
EPSS
Percentile
98.6%
Off-by-one error in the __opiereadrec function in readrec.c in libopie in
OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE
and other platforms, allows remote attackers to cause a denial of service
(daemon crash) or possibly execute arbitrary code via a long username, as
demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Author | Note |
---|---|
mdeslaur | in dapper and hardy, the off-by-one overflows into *c, which isn’t used after in the function, so it’s harmless. on jaunty+, fortify source makes opie abort, so it is a denial of service. |
security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
securityreason.com/achievement_securityalert/87
launchpad.net/bugs/cve/CVE-2010-1938
nvd.nist.gov/vuln/detail/CVE-2010-1938
security-tracker.debian.org/tracker/CVE-2010-1938
ubuntu.com/security/notices/USN-955-1
ubuntu.com/security/notices/USN-955-2
www.cve.org/CVERecord?id=CVE-2010-1938