• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability

OPIE is prone to a remote denial-of-service vulnerability due to an off-by-one error.

Remote attackers may exploit this issue to crash the application using the affected library, resulting in a denial of service. Given the nature of this vulnerability, attackers may be able to exploit it to execute arbitrary code, but this has not been confirmed.

OpenSSH using OPIE is reported vulnerable; other applications may also be affected.

NOTE: Further reports indicate that this issue is not exploitable, so this BID is being retired.