| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8369040.8772271275046906257.JavaMail.juha-matti.laurio@netti.fi> Date: Fri, 28 May 2010 14:41:46 +0300 (EEST) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: Henri Salo <henri@...v.fi>, full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: ftp-libopie.nse in response to CVE-2010-1938 If you forward information posted to another mailling list it is recommended to add ''Fwd:" to the subject line or point to original posting, i.e. http://seclists.org/nmap-dev/2010/q2/635 Juha-Matti Henri Salo [henri@...v.fi] kirjoitti: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > A vulnerability that has been published today affects the OPIE > Authentication System (libopie). > According to the researchers it could hit many systems like > > - - OpenSuSE > - - wu-ftpd > - - mod_opie > - - PAM > - - openssh (modified by FreeBSD/DragonflyBSD Team) > - - sudo > - - opiesu > - - popper > - - Probably much more... > > Original advisory : > http://securityreason.com/achievement_securityalert/87 See also : > http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc > > Please find attached their PoC as a script for Nmap. > Example Output : > - -- PORT STATE SERVICE > - -- 21/tcp open ftp > - -- | ftp-libopie: Likely prone to CVE-2010-1938 (OPIE off-by-one stack > overflow) > - -- |_See > http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc > > A.G. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.12 (GNU/Linux) > Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkv+rS8ACgkQ3aDTTO0ha7j4igCffydmk9Y+U6ocVSNI5RwopoGh > vc0AniRSZZEkW5vgImS4czZsTTzS1bqf > =No6K > -----END PGP SIGNATURE----- > > > _______________________________________________ > Sent through the nmap-dev mailing list > http://cgi.insecure.org/mailman/listinfo/nmap-dev > Archived at http://seclists.org/nmap-dev/ > _______________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists