FTP: FreeBSD 8.0 Off By One Heap Memory Corruption
This signature detects attempts to exploit a known vulnerability against FreeBSD 8.0. A successful attack can lead to arbitrary code execution.
Extended Description
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
Affected Products
Freebsd freebsd
Short Name
FTP:USER:FREEBSD-OFF-BY-ONE-MC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
8.0 By CVE-2010-1938 Corruption FreeBSD Heap Memory Off One bid:40403
Release Date
12/08/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Freebsd
Nrl
CVSS Score
9.3