Search criteria
3 vulnerabilities by nrl
CVE-2011-2489 (GCVE-0-2011-2489)
Vulnerability from cvelistv5 – Published: 2011-07-27 01:29 – Updated: 2024-08-06 23:00
VLAI?
Summary
Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=698772",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "https://bugzillafiles.novell.org/attachment.cgi?id=435902",
"refsource": "CONFIRM",
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"
},
{
"name": "SUSE-SU-2011:0849",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "48390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "45448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2489",
"datePublished": "2011-07-27T01:29:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2490 (GCVE-0-2011-2490)
Vulnerability from cvelistv5 – Published: 2011-07-27 01:29 – Updated: 2024-08-06 23:00
VLAI?
Summary
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=698772",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "39966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39966"
},
{
"name": "SUSE-SU-2011:0849",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"
},
{
"name": "48390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "https://bugzillafiles.novell.org/attachment.cgi?id=435901",
"refsource": "CONFIRM",
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"
},
{
"name": "45448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2490",
"datePublished": "2011-07-27T01:29:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1938 (GCVE-0-2010-1938)
Vulnerability from cvelistv5 – Published: 2010-05-28 18:00 – Updated: 2024-08-07 02:17
VLAI?
Summary
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pi3.com.pl/?p=111",
"refsource": "MISC",
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40403"
},
{
"name": "http://site.pi3.com.pl/adv/libopie-adv.txt",
"refsource": "MISC",
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025709"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1938",
"datePublished": "2010-05-28T18:00:00",
"dateReserved": "2010-05-13T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}