Vulnerability Name:

CVE-2010-1938 (CCN-58948)

Assigned: 2010-05-27
Published: 2010-05-27
Updated: 2011-07-29
Summary: Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:
Source: MISC
Type: UNKNOWN
http://blog.pi3.com.pl/?p=111

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932

Source: MITRE
Type: CNA
CVE-2010-1938

Source: CCN
Type: SA39963
FreeBSD OPIE __opiereadrec() Off-by-One Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39963

Source: CCN
Type: SA39966
OPIE __opiereadrec() Off-by-One Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39966

Source: SECUNIA
Type: UNKNOWN
45136

Source: CCN
Type: FreeBSD-SA-10:05.opie
OPIE off-by-one stack overflow

Source: FREEBSD
Type: Vendor Advisory
FreeBSD-SA-10:05

Source: CCN
Type: SecurityReason SecurityAlert : 87
libopie __readrec() off-by one (FreeBSD ftpd remote PoC)

Source: SREASONRES
Type: UNKNOWN
20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)

Source: SREASON
Type: UNKNOWN
7450

Source: CCN
Type: SECTRACK ID: 1024040
OPIE Off-by-One Buffer Overflow Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1024040

Source: SECTRACK
Type: UNKNOWN
1025709

Source: MISC
Type: UNKNOWN
http://site.pi3.com.pl/adv/libopie-adv.txt

Source: DEBIAN
Type: UNKNOWN
DSA-2281

Source: DEBIAN
Type: DSA-2281
opie -- several vulnerabilities

Source: EXPLOIT-DB
Type: UNKNOWN
12762

Source: CCN
Type: OSVDB ID: 64949
OPIE readrec.c __opiereadrec() Off-by-One Remote Code Execution

Source: BID
Type: UNKNOWN
40403

Source: CCN
Type: BID-40403
OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability

Source: XF
Type: UNKNOWN
opie-opiereadrec-bo(58948)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [2010-05-27]

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:freebsd:freebsd:6:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:beta_4:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:current:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:release-p12:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:release-p8:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:release-p9:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:releng:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0-release:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:pre-release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:release-p1:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:release-p2:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:release-p4:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:release-p5:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:release-p6:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:8.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:8.1-prerelease:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:nrl:opie:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:*:test1:*:*:*:*:*:* (Version <= 2.4.1)
  • OR cpe:/a:nrl:opie:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:2.11:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:2.21:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:2.22:*:*:*:*:*:*:*
  • OR cpe:/a:nrl:opie:2.32:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:7.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.1:release-p5:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:release-p12:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:rc2:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:8.0:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:stable:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.2:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:8.1:pre-release:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:13191 | P | USN-955-1 -- opie vulnerability | 2014-06-30
oval:org.mitre.oval:def:13523 | P | USN-955-2 -- libpam-opie vulnerability | 2014-06-30
oval:org.mitre.oval:def:13063 | P | DSA-2281-1 opie -- several | 2014-06-23