CVE-2010-1938

FreeBSD 6.4-8.1-PRERELEASE - Denial of Service or Remote Code Execution via Long Username

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1938. PoCs published by Maksymilian Arciemowicz, Nexxus67.

AI-analyzed exploit summary This PoC demonstrates an off-by-one vulnerability in FreeBSD 8.0 ftpd by sending an overly long username, causing a connection closure. It exploits a buffer overflow in the authentication process.

Description

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · textdosfreebsd
https://www.exploit-db.com/exploits/12762

This PoC demonstrates an off-by-one vulnerability in FreeBSD 8.0 ftpd by sending an overly long username, causing a connection closure. It exploits a buffer overflow in the authentication process.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FreeBSD ftpd 6.00LS
No auth needed
Prerequisites: network access to the target ftpd service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by Nexxus67 · poc
https://github.com/Nexxus67/cve-2010-1938

This repository contains a functional Python exploit for CVE-2010-1938, an off-by-one vulnerability in the OPIE library affecting FTP servers. The exploit includes fuzzing capabilities, payload generation, and crash detection to test for DoS or potential RCE.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: FTP servers using OPIE library
No auth needed
Prerequisites: Network access to target FTP server · Python 3.9+
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (14)

Core 14
Core References
Various Sources x_refsource_misc
http://blog.pi3.com.pl/?p=111
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/7450
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40403
Various Sources x_refsource_misc
http://site.pi3.com.pl/adv/libopie-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024040
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2281
Vendor Advisory vendor-advisory x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39966
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12762
Third Party Advisory third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/87
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025709
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39963
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45136

Scores

EPSS 0.2199
EPSS Percentile 97.4%

Details

CWE
CWE-189
Status published
Products (19)
freebsd/freebsd 6 stable
freebsd/freebsd 6.4 (7 CPE variants)
freebsd/freebsd 7.0 (10 CPE variants)
freebsd/freebsd 7.0-release
freebsd/freebsd 7.0_beta4
freebsd/freebsd 7.0_releng
freebsd/freebsd 7.1 (9 CPE variants)
freebsd/freebsd 7.2 (3 CPE variants)
freebsd/freebsd 8.0
freebsd/freebsd 8.1-prerelease
... and 9 more
Published May 28, 2010
Tracked Since Feb 18, 2026