In co-operation with Maksymilian Arciemowicz, we analysed the implementation of the OPIE Authentication System on FreeBSD. The result is the discovery of an off-by-one vulnerability in the ‘libopie’ library. The most interesting point of this vulnerability is the possibility of exploiting it remotely, pre-auth!
A lot of software uses this library as an authentication module. For example, the FreeBSD team slightly changed the OpenSSH source: in some places they added code which uses libopie 😉 The same changed code is used by DragonFly BSD. openSUSE uses libopie too, as do Novell systems.
We analysed the exploitation path in the default FTP daemon for FreeBSD 8.0. The official FreeBSD advisory is available here.