Search criteria
4 vulnerabilities by nrl
CVE-2011-2490 (GCVE-0-2011-2490)
Vulnerability from cvelistv5 – Published: 2011-07-27 01:29 – Updated: 2024-08-06 23:00
VLAI
Summary
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/23/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/06/22/6 | mailing-listx_refsource_MLIST |
| https://hermes.opensuse.org/messages/10082052 | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.novell.com/show_bug.cgi?id=698772 | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2281 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/39966 | third-party-advisoryx_refsource_SECUNIA |
| https://hermes.opensuse.org/messages/10082068 | vendor-advisoryx_refsource_SUSE |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/48390 | vdb-entryx_refsource_BID |
| https://bugzillafiles.novell.org/attachment.cgi?i… | x_refsource_CONFIRM |
| http://secunia.com/advisories/45448 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/45136 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=698772",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "39966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39966"
},
{
"name": "SUSE-SU-2011:0849",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631345"
},
{
"name": "48390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "https://bugzillafiles.novell.org/attachment.cgi?id=435901",
"refsource": "CONFIRM",
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435901"
},
{
"name": "45448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2490",
"datePublished": "2011-07-27T01:29:00.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2489 (GCVE-0-2011-2489)
Vulnerability from cvelistv5 – Published: 2011-07-27 01:29 – Updated: 2024-08-06 23:00
VLAI
Summary
Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/23/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/06/22/6 | mailing-listx_refsource_MLIST |
| https://hermes.opensuse.org/messages/10082052 | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.novell.com/show_bug.cgi?id=698772 | x_refsource_CONFIRM |
| https://bugzillafiles.novell.org/attachment.cgi?i… | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2281 | vendor-advisoryx_refsource_DEBIAN |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344 | x_refsource_CONFIRM |
| https://hermes.opensuse.org/messages/10082068 | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/48390 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/45448 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/45136 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"
},
{
"name": "SUSE-SU-2011:0849",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "48390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "45448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110623 Re: CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/23/5"
},
{
"name": "[oss-security] 20110622 CVE requests: opie off by one and setuid() failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/22/6"
},
{
"name": "openSUSE-SU-2011:0848",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082052"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=698772",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=698772"
},
{
"name": "https://bugzillafiles.novell.org/attachment.cgi?id=435902",
"refsource": "CONFIRM",
"url": "https://bugzillafiles.novell.org/attachment.cgi?id=435902"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631344"
},
{
"name": "SUSE-SU-2011:0849",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/10082068"
},
{
"name": "48390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48390"
},
{
"name": "45448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45448"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2489",
"datePublished": "2011-07-27T01:29:00.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1938 (GCVE-0-2010-1938)
Vulnerability from cvelistv5 – Published: 2010-05-28 18:00 – Updated: 2024-08-07 02:17
VLAI
Summary
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2010-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-18T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pi3.com.pl/?p=111",
"refsource": "MISC",
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40403"
},
{
"name": "http://site.pi3.com.pl/adv/libopie-adv.txt",
"refsource": "MISC",
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025709"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1938",
"datePublished": "2010-05-28T18:00:00.000Z",
"dateReserved": "2010-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:13.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1483 (GCVE-0-2001-1483)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI
Summary
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/2001111522… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/3549 | vdb-entryx_refsource_BID |
Date Public
2001-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "opie-verify-accounts(7572)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572"
},
{
"name": "20011115 Re: OpenSSH \u0026 S/Key information leakage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0%40atlas.dgp.toronto.edu"
},
{
"name": "3549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "opie-verify-accounts(7572)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572"
},
{
"name": "20011115 Re: OpenSSH \u0026 S/Key information leakage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0%40atlas.dgp.toronto.edu"
},
{
"name": "3549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "opie-verify-accounts(7572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572"
},
{
"name": "20011115 Re: OpenSSH \u0026 S/Key information leakage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu"
},
{
"name": "3549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1483",
"datePublished": "2005-06-21T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}