Re: [NSE] ftp-libopie.nse in response to CVE-2010-1938

[David Fifield <david () bamsoftware com>]

On Thu, May 27, 2010 at 07:34:39PM +0200, Gutek wrote:
> A vulnerability that has been published today affects the OPIE
> Authentication System (libopie).
> According to the researchers it could hit many systems like
>
> - - OpenSuSE
> - - wu-ftpd
> - - mod_opie
> - - PAM
> - - openssh (modified by FreeBSD/DragonflyBSD Team)
> - - sudo
> - - opiesu
> - - popper
> - - Probably much more...
>
> Original advisory : http://securityreason.com/achievement_securityalert/87
> See also : http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
>
> Please find attached their PoC as a script for Nmap.
> Example Output :
> - -- PORT   STATE SERVICE
> - -- 21/tcp open  ftp
> - -- | ftp-libopie: Likely prone to CVE-2010-1938 (OPIE off-by-one stack
> overflow)
> - -- |_See http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc

Were you able to test this against any live servers? This script is
simple and I would like to add it. But first please add some more
information to the script description. You need to state that this
crashes the server if it is vulnerable. (Also say so in the script
output, otherwise someone may scan again, not see the vulnerability
detected, and be fooled.) Include the freebsd.org link in the scrtip
description so it appears in the online documentation.

Also put the script in the "vuln" category. It's a denial-of-service
vulnerability if nothing else.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/