2010-05-28 20:30:01 2011-07-29 04:37:14

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Freebsd Freebsd 7.0 Release-p12 (not an official CPE)
Freebsd Freebsd 7.0 Pre-release (not an official CPE)
Freebsd Freebsd 7.0 releng (not an official CPE)
Freebsd Freebsd 7.1 Release-p1 (not an official CPE)
Freebsd Freebsd 7.0 Current (not an official CPE)
Freebsd Freebsd 7.2 Pre-release (not an official CPE)
Freebsd Freebsd 7.1 Pre-release (not an official CPE)
Linux Conectiva 8
Freebsd Freebsd 7.1 Release-p5 (not an official CPE)
Freebsd Freebsd 7.0 Release-p8 (not an official CPE)
Freebsd Freebsd 7.1 Release-p2 (not an official CPE)
Freebsd Freebsd 7.0 Release-p9 (not an official CPE)
Linux Conectiva 6
Linux Conectiva
Canonical Ubuntu 14.10
Freebsd Freebsd 7.0 Release (not an official CPE)
Freebsd Freebsd 7.1 Release-p4 (not an official CPE)
Freebsd Freebsd 6 Stable (not an official CPE)
Connections Project Connections Plugin for WordPress 0.7.3.5
Freebsd Freebsd 7.1 Release-p6 (not an official CPE)
Freebsd Freebsd 6.4 Release p2 (not an official CPE)
Freebsd Freebsd 7.0 Beta 4 (not an official CPE)
Freebsd Freebsd 6.4 Release p3 (not an official CPE)
Freebsd Freebsd 6.4 Release p5 (not an official CPE)
Freebsd Freebsd 6.4 Release p4 (not an official CPE)
Freebsd Freebsd 7.0 Releng (not an official CPE)
Freebsd Freebsd 7.0 beta4 (not an official CPE)
Freebsd Freebsd 7.2 Stable (not an official CPE)
Freebsd Freebsd 6.4 Stable (not an official CPE)
Freebsd Freebsd 7.0-release (not an official CPE)
Freebsd Freebsd 7.0 Stable (not an official CPE)
Linux Conectiva 7
Freebsd Freebsd 7.1 Stable (not an official CPE)
Freebsd Freebsd 8.1-prerelease (not an official CPE)
Freebsd Freebsd 6.4 Release (not an official CPE)