{"id":111,"date":"2010-05-27T10:17:32","date_gmt":"2010-05-27T08:17:32","guid":{"rendered":"http:\/\/blog.pi3.com.pl\/?p=111"},"modified":"2010-05-27T10:56:33","modified_gmt":"2010-05-27T08:56:33","slug":"opie-authentication-system-off-by-one","status":"publish","type":"post","link":"https:\/\/blog.pi3.com.pl\/?p=111","title":{"rendered":"OPIE Authentication System off-by-one"},"content":{"rendered":"<p>In co-operation with Maksymilian Arciemowicz, we analysed the implementation of the OPIE Authentication System on FreeBSD. The result is the discovery of an off-by-one vulnerability in the &#8216;libopie&#8217; library. The most interesting point about this vulnerability is the possibility of exploiting it remotely, pre-auth!<\/p>\n<p>A lot of software uses this library as an authentication module. For example, the FreeBSD team slightly changed the OpenSSH source: in some places they added code which uses libopie \ud83d\ude09 The same changed code is used by DragonFlyBSD. openSUSE uses libopie too, as do Novell systems.<\/p>\n<p>We&#8217;ve analysed the exploitation path in the default FTP daemon of FreeBSD 8.0. FreeBSD&#8217;s official advisory is available <a href=\"http:\/\/security.freebsd.org\/advisories\/FreeBSD-SA-10:05.opie.asc\" target=\"_blank\">here<\/a>.<\/p>\n<p>Our advisory is available <a href=\"http:\/\/site.pi3.com.pl\/adv\/libopie-adv.txt\" target=\"_blank\">here<\/a> and <a href=\"http:\/\/securityreason.com\/achievement_securityalert\/87\" target=\"_blank\">here<\/a> and&#8230; check the Bugtraq list \ud83d\ude09<\/p>\n<p>Best regards,<\/p>\n<p>Adam Zabrocki<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In co-operation with Maksymilian Arciemowicz, we analysed the implementation of the OPIE Authentication System on FreeBSD. The result is the discovery of an off-by-one vulnerability in the &#8216;libopie&#8217; library. The most interesting point about this vulnerability is the possibility of exploiting it remotely, pre-auth! 
A lot of software uses this library as an authentication module. For example, the FreeBSD team changed a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-111","post","type-post","status-publish","format-standard","hentry","category-o-wszystkim-i-o-niczym"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=111"}],"version-history":[{"count":5,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/111\/revisions"}],"predecessor-version":[{"id":115,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/111\/revisions\/115"}],"wp:attachment":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}