Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
BID:23669
Info
Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
| Bugtraq ID: | 23669 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2007 12:00AM |
| Updated: | Jul 17 2008 08:29PM |
| Credit: | Nico Golde is credited with the discovery of this vulnerability. |
| Vulnerable: |
NRL OPIE 2.32 NRL OPIE 2.4 |
| Not Vulnerable: | |
Discussion
Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
OPIE is prone to a remote denial-of-service vulnerability due to an off-by-one error.
Remote attackers may exploit this issue to crash the application using the affected library, resulting in a denial of service. Given the nature of this vulnerability, attackers may be able to exploit it to execute arbitrary code, but this has not been confirmed.
OpenSSH using OPIE is reported vulnerable; other applications may also be affected.
NOTE: Further reports indicate that this issue is not exploitable, so this BID is being retired.
OPIE is prone to a remote denial-of-service vulnerability due to an off-by-one error.
Remote attackers may exploit this issue to crash the application using the affected library, resulting in a denial of service. Given the nature of this vulnerability, attackers may be able to exploit it to execute arbitrary code, but this has not been confirmed.
OpenSSH using OPIE is reported vulnerable; other applications may also be affected.
NOTE: Further reports indicate that this issue is not exploitable, so this BID is being retired.
Exploit / POC
Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
NOTE: Further reports indicate that this issue is not exploitable, so this BID is being retired.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
NOTE: Further reports indicate that this issue is not exploitable, so this BID is being retired.
References
Retired: OPIE Accessfile.C Remote Denial of Service Vulnerability
References:
References:
- Debian Bug report logs - #414015 off-by-one in accessfile.c (Nico Golde)
- OPIE (The Inner Net)