Debian Linux Security Advisory 2281-1 - Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error (CVE-2010-1938), which only affects the lenny version as the fix was already included for squeeze.
c1534265ead6607e9cdaa8776430d7bb5a00f79dbdf8d6a6931105d8ec20bf6d
Ubuntu Security Notice 955-2 - USN-955-1 fixed vulnerabilities in OPIE. This update provides rebuilt libpam-opie packages against the updated libopie library. Original advisory details: Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service.
6d881d1bf9449ce4551c894d833aa443a26b38c042725b55ac1b136dc42f49db
Ubuntu Security Notice 955-1 - Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service.
507803c47313ade3c813f28b126c91b99fa0c93c366cc7954e2e3af2d7f85dd0
OPIE off-by-one stack overflow nmap .nse script file.
b74a93bb6e0c9f96d0f3f1d36ffc30f0dc2f7c656db759c80b3d81076c9f98a5
FreeBSD version 8.0 ftpd off-by-one proof of concept exploit.
a17d270d62782bdb0279584ea2dad8c8fe353c35767657f09ffda201da15d4f5
FreeBSD Security Advisory - A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer.
131cb41ee3226c91716b15316e0d2870cb7092520923a4ace9a5c051500f74a1