Launchpad.net

CVE 2010-1938

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

Related bugs and status

CVE-2010-1938 (Candidate) is related to these bugs:

Bug #569292: opiepasswd does not always generate valid seeds

		In	Importance	Status
569292	opiepasswd does not always generate valid seeds	opie (Ubuntu)	Medium	Fix Released
569292	opiepasswd does not always generate valid seeds	opie (Ubuntu Karmic)	Undecided	Fix Released
569292	opiepasswd does not always generate valid seeds	opie (Ubuntu Lucid)	Undecided	Fix Released
569292	opiepasswd does not always generate valid seeds	opie (Ubuntu Maverick)	Medium	Fix Released
569292	opiepasswd does not always generate valid seeds	opie (Ubuntu Jaunty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

SREASONRES: 20100527 libopie __rea...
MISC: http://blog.pi3.com.pl...
MISC: http://site.pi3.com.pl...
FREEBSD: FreeBSD-SA-10:05
BID: 40403
SECTRACK: 1024040
SECUNIA: 39963
SECUNIA: 39966
SREASON: 7450
EXPLOIT-DB: 12762
CONFIRM: http://bugs.debian.org...
DEBIAN: DSA-2281
SECTRACK: 1025709
SECUNIA: 45136