CVE-2010-1938
Published: 28 May 2010
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Notes
Author | Note |
---|---|
mdeslaur | In dapper and hardy, the off-by-one overflows into *c, which isn't used after in the function, so it's harmless. On jaunty+, fortify source makes opie abort, so it is a denial of service. |
Priority
Status
Package | Release | Status |
---|---|---|
opie (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable (2.32-10) |
opie | hardy | Not vulnerable (2.32-10.2build1) |
opie | jaunty | Released (2.40~dfsg-0ubuntu1.9.04.1) |
opie | karmic | Released (2.40~dfsg-0ubuntu1.9.10.1) |
opie | lucid | Released (2.40~dfsg-0ubuntu1.10.04.1) |
opie | upstream | Needs triage |

Patches: vendor: http://security.freebsd.org/patches/SA-10:05/opie.patch