Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-05-28T18:00:00
Updated: 2010-06-18T09:00:00
Reserved: 2010-05-13T00:00:00
Link: CVE-2010-1938
JSON object: View
NVD Information
Status : Modified
Published: 2010-05-28T18:30:01.470
Modified: 2011-07-29T02:37:14.080
Link: CVE-2010-1938
JSON object: View
Redhat Information
No data.
CWE