NVD

Id
13429  
Name
CVE-2010-1938  
Description
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2010-05-28  
Modified Date
2011-07-28  
Seq
2010-1938  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
74280 13429 CVE-2010-1938 http://blog.pi3.com.pl/?p=111  View
74281 13429 CVE-2010-1938 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932  View
74282 13429 CVE-2010-1938 FreeBSD-SA-10:05  View
74283 13429 CVE-2010-1938 20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)  View
74284 13429 CVE-2010-1938 7450  View
74285 13429 CVE-2010-1938 1024040  View
74286 13429 CVE-2010-1938 1025709  View
74287 13429 CVE-2010-1938 http://site.pi3.com.pl/adv/libopie-adv.txt  View
74288 13429 CVE-2010-1938 DSA-2281  View
74289 13429 CVE-2010-1938 12762  View
74290 13429 CVE-2010-1938 40403  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
38991 JVNDB-2010-004776 OPIE の __opiereadrec 関数におけるサービス運用妨害 (DoS) の脆弱性 FreeBSD などのプラットフォーム上で稼動する OPIE の libopie の readrec.c の __opiereadrec 関数には、一つずれエラー (Off-by-one) が発生するため、サービス運用妨害 (デーモンクラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。 CVE-2010-1938 44518 CVE-2010-1938 13429 9.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004776.html 2010-05-27 2012-09-25 View