In co-operation with Maksymilian Arciemowicz we were analysing the implementation of the OPIE Authentication System on FreeBSD. The result is a discovered off-by-one vulnerability in the library ‘libopie’. The most interesting point of this vulnerability is the possibility to exploit it pre-auth remotely!
A lot of software uses this library as an authentication module. For example, the FreeBSD team changed the source of OpenSSH a little: they added in some places code which uses libopie 😉 The same changed code is used by DragonFlyBSD. OpenSuSe is using libopie too. Novell systems too.
We’ve analysed the way of exploiting it in the default FTP daemon for FreeBSD 8.0. The official FreeBSD advisory is available here.
Our advisory is available here and here and… check the bugtraq list 😉
Best regards,
Adam Zabrocki
Yesterday (30 April) I gave a lecture in WA (White Area) at CERN. I was talking about my new project (in fact my Master’s degree thesis topic). This is an automated testing tool which uses the fuzzing technique. It can be used to generate CLI, API, unit, functional, regression, … tests – in fact we can use it for all types of tests. Generated programs are independent of language. It can generate the output program in Java, C, C++, Assembler, Python, Perl, C#, … – we can simply add new modules to add new languages. To be more flexible, the framework uses Aspect-Oriented Programming (AOP). The first beta version of the framework is published on CERN’s svn servers. It is integrated with DPM CLI tests and works pretty well 😉
In the future maybe I will publish some more details.
Btw. This project can be simply adapted for searching for vulnerabilities in software 😉
Best regards,
Adam Zabrocki