Nmap Development mailing list archives
Re: [NSE] ftp-libopie.nse in response to CVE-2010-1938
From: David Fifield <david () bamsoftware com>
Date: Sun, 13 Jun 2010 15:03:58 -0600
On Thu, May 27, 2010 at 07:34:39PM +0200, Gutek wrote:
> A vulnerability that has been published today affects the OPIE Authentication System (libopie). According to the researchers it could hit many systems like
>
> - OpenSuSE
> - wu-ftpd
> - mod_opie
> - PAM
> - openssh (modified by FreeBSD/DragonflyBSD Team)
> - sudo
> - opiesu
> - popper
> - Probably much more...
>
> Original advisory : http://securityreason.com/achievement_securityalert/87
> See also : http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
>
> Please find attached their PoC as a script for Nmap.
>
> Example Output :
> -- PORT STATE SERVICE
> -- 21/tcp open ftp
> -- | ftp-libopie: Likely prone to CVE-2010-1938 (OPIE off-by-one stack overflow)
> -- |_See http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc

Were you able to test this against any live servers?

This script is simple and I would like to add it. But first please add some more information to the script description. You need to state that this crashes the server if it is vulnerable. (Also say so in the script output, otherwise someone may scan again, not see the vulnerability detected, and be fooled.) Include the freebsd.org link in the script description so it appears in the online documentation.

Also put the script in the "vuln" category. It's a denial-of-service vulnerability if nothing else.

David Fifield