Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Freebsd Freebsd 7.0 Release-p12 (not an official CPE)
Freebsd Freebsd 7.0 Pre-release (not an official CPE)
Freebsd Freebsd 7.0 releng (not an official CPE)
Freebsd Freebsd 7.1 Release-p1 (not an official CPE)
Freebsd Freebsd 7.0 Current (not an official CPE)
Freebsd Freebsd 7.2 Pre-release (not an official CPE)
Freebsd Freebsd 7.1 Pre-release (not an official CPE)
Linux Connectiva 8
Freebsd Freebsd 7.1 Release-p5 (not an official CPE)
Freebsd Freebsd 7.0 Release-p8 (not an official CPE)
Freebsd Freebsd 7.1 Release-p2 (not an official CPE)
Freebsd Freebsd 7.0 Release-p9 (not an official CPE)
Linux Connectiva 6
Linux Connectiva
Cononical Ubuntu 14.10
Freebsd Freebsd 7.0 Release (not an official CPE)
Freebsd Freebsd 7.1 Release-p4 (not an official CPE)
Freebsd Freebsd 6 Stable (not an official CPE)
Connections Project Connections Plugin for WordPress 0.7.3.5
Freebsd Freebsd 7.1 Release-p6 (not an official CPE)
Freebsd Freebsd 6.4 Release p2 (not an official CPE)
Freebsd Freebsd 7.0 Beta 4 (not an official CPE)
Freebsd Freebsd 6.4 Release p3 (not an official CPE)
Freebsd Freebsd 6.4 Release p5 (not an official CPE)
Freebsd Freebsd 6.4 Release p4 (not an official CPE)
Freebsd Freebsd 7.0 Releng (not an official CPE)
Freebsd Freebsd 7.0 beta4 (not an official CPE)
Freebsd Freebsd 7.2 Stable (not an official CPE)
Freebsd Freebsd 6.4 Stable (not an official CPE)
Freebsd Freebsd 7.0-release (not an official CPE)
Freebsd Freebsd 7.0 Stable (not an official CPE)
Linux Connectiva 7
Freebsd Freebsd 7.1 Stable (not an official CPE)
Freebsd Freebsd 8.1-prerelease (not an official CPE)
Freebsd Freebsd 6.4 Release (not an official CPE)
Nrl Opie 2.22 (not an official CPE)
Nrl Opie 2.32 (not an official CPE)
Nrl Opie 2.3 (not an official CPE)
Nrl Opie 2.10 (not an official CPE)
Nrl Opie 2.4 (not an official CPE)
Nrl Opie 2.2 (not an official CPE)
Nrl Opie 2.11 (not an official CPE)
Nrl Opie 2.4.1 Test1 (not an official CPE)
Nrl Opie 2.21 (not an official CPE)