9.3

CVE-2010-1938

EPSS 59.85%
Published 28.05.2010 18:30:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version6 Updatestable

Freebsd ≫ Freebsd Version6.4

Freebsd ≫ Freebsd Version6.4 Updaterelease

Freebsd ≫ Freebsd Version6.4 Updaterelease_p2

Freebsd ≫ Freebsd Version6.4 Updaterelease_p3

Freebsd ≫ Freebsd Version6.4 Updaterelease_p4

Freebsd ≫ Freebsd Version6.4 Updaterelease_p5

Freebsd ≫ Freebsd Version6.4 Updatestable

Freebsd ≫ Freebsd Version7.0

Freebsd ≫ Freebsd Version7.0 Updatebeta_4

Freebsd ≫ Freebsd Version7.0 Updatecurrent

Freebsd ≫ Freebsd Version7.0 Updatepre-release

Freebsd ≫ Freebsd Version7.0 Updaterelease

Freebsd ≫ Freebsd Version7.0 Updaterelease-p12

Freebsd ≫ Freebsd Version7.0 Updaterelease-p8

Freebsd ≫ Freebsd Version7.0 Updaterelease-p9

Freebsd ≫ Freebsd Version7.0 Updatereleng

Freebsd ≫ Freebsd Version7.0 Updatestable

Freebsd ≫ Freebsd Version7.0-release

Freebsd ≫ Freebsd Version7.0_beta4

Freebsd ≫ Freebsd Version7.0_releng

Freebsd ≫ Freebsd Version7.1

Freebsd ≫ Freebsd Version7.1 Updatepre-release

Freebsd ≫ Freebsd Version7.1 Updaterc1

Freebsd ≫ Freebsd Version7.1 Updaterelease-p1

Freebsd ≫ Freebsd Version7.1 Updaterelease-p2

Freebsd ≫ Freebsd Version7.1 Updaterelease-p4

Freebsd ≫ Freebsd Version7.1 Updaterelease-p5

Freebsd ≫ Freebsd Version7.1 Updaterelease-p6

Freebsd ≫ Freebsd Version7.1 Updatestable

Freebsd ≫ Freebsd Version7.2

Freebsd ≫ Freebsd Version7.2 Updatepre-release

Freebsd ≫ Freebsd Version7.2 Updatestable

Freebsd ≫ Freebsd Version8.0

Freebsd ≫ Freebsd Version8.1-prerelease

Nrl ≫ Opie Updatetest1 Version <= 2.4.1

Nrl ≫ Opie Version2.2

Nrl ≫ Opie Version2.3

Nrl ≫ Opie Version2.4

Nrl ≫ Opie Version2.10

Nrl ≫ Opie Version2.11

Nrl ≫ Opie Version2.21

Nrl ≫ Opie Version2.22

Nrl ≫ Opie Version2.32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	59.85%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://blog.pi3.com.pl/?p=111

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932

http://secunia.com/advisories/39963

Vendor Advisory

http://secunia.com/advisories/39966

Vendor Advisory

http://secunia.com/advisories/45136

http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc

Vendor Advisory

http://securityreason.com/achievement_securityalert/87

http://securityreason.com/securityalert/7450

http://securitytracker.com/id?1024040

http://securitytracker.com/id?1025709

http://site.pi3.com.pl/adv/libopie-adv.txt

http://www.debian.org/security/2011/dsa-2281

http://www.exploit-db.com/exploits/12762

http://www.securityfocus.com/bid/40403

https://nvd.nist.gov/vuln/detail/CVE-2010-1938

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1938

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1938

EUVD