Script ftp-libopie

Script types: portrule
Categories: vuln, intrusive
Download: https://svn.nmap.org/nmap/scripts/ftp-libopie.nse

Script Summary

Checks if an FTPd is prone to CVE-2010-1938 (OPIE off-by-one stack overflow), a vulnerability discovered by Maksymilian Arciemowicz and Adam "pi3" Zabrocki. See the advisory at https://nmap.org/r/fbsd-sa-opie. Be advised that, if launched against a vulnerable host, this script will crash the FTPd.

Script Arguments

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -sV --script=ftp-libopie <target>

Script Output

PORT   STATE SERVICE
21/tcp open  ftp
| ftp-libopie:
|   VULNERABLE:
|   OPIE off-by-one stack overflow
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2010-1938  BID:40403
|     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
|     Description:
|       An off-by-one error in OPIE library 2.4.1-test1 and earlier, allows remote
|       attackers to cause a denial of service or possibly execute arbitrary code
|       via a long username.
|     Disclosure date: 2010-05-27
|     References:
|       http://site.pi3.com.pl/adv/libopie-adv.txt
|       http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
|       https://www.securityfocus.com/bid/40403
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938

Requires

• nmap
• shortport
• string
• vulns

---

Author:

• Ange Gutek

License: Same as Nmap--See https://nmap.org/book/man-legal.html