OPIE '__opiereadrec()' Off By One Heap Memory Corruption Vulnerability

OPIE is prone to an off-by-one memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into a memory buffer.

Attackers can exploit this issue to crash a vulnerable application using OPIE, resulting in a denial-of-service condition. Attackers may also be able to run arbitrary code within the context of the vulnerable application.

This issue is reported to affect OPIE supplied with FreeBSD 6.x, 7.x, and 8.x; other platforms may also be affected.


Copyright 2010, SecurityFocus