Multiple Vendors OPIE Off-by-one Stack Buffer Overflow
危険度: 緊急
CVE識別番号: CVE-2010-1938
情報公開日: 7 21, 2015
概要
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1004232
Trend Micro Deep Security DPI Rule Name: 1004232 - Multiple Vendors OPIE Off-by-one Stack Buffer Overflow
影響を受けるソフトウェア
- freebsd freebsd 6
- freebsd freebsd 6.4
- freebsd freebsd 7.0
- freebsd freebsd 7.0-release
- freebsd freebsd 7.0_beta4
- freebsd freebsd 7.0_releng
- freebsd freebsd 7.1
- freebsd freebsd 7.2
- freebsd freebsd 8.0
- freebsd freebsd 8.1-prerelease
- nrl opie 2.10
- nrl opie 2.11
- nrl opie 2.2
- nrl opie 2.21
- nrl opie 2.22
- nrl opie 2.3
- nrl opie 2.32
- nrl opie 2.4
- nrl opie 2.4.1