freebsd security - Sep 2003 - FW: opiekey segfault ... isn't that harmfull? it's setuid root

Hi, 

I dunno much about exploiting, but I was wondering about the setuid root
program 'opiepasswd' to use one-time-passwords.
When having a seed of (null) and a sequence of -1, I get a segfault.

Kernel/base:

FreeBSD lama.inet-solutions.be 4.8-RELEASE-p4 FreeBSD 4.8-RELEASE-p4 #0:
Sun Aug 31 21:00:38 CEST 2003
root@lama.inet-solutions.be:/usr/obj/usr/src/sys/LAMA  i386

Make.conf:

CPUTYPE=i686
CFLAGS= -O -pipe
CXXFLAGS+= -fmemoize-lookups -fsave-memoized
COPTFLAGS= -O -pipe
ENABLE_SUIDPERL=        true
PERL_VER=5.6.1
PERL_VERSION=5.6.1
PERL_ARCH=mach
NOPERL=yo
NO_PERL=yo
NO_PERL_WRAPPER=yo

This is my terminal output:

jimmy@lama (192.168.0.50) 13:47 ~ $ opiepasswd -c -n 1 -s ad2003
Adding jimmy:
Only use this method from the console; NEVER from remote. If you are
using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase: TESTtestTEST
Again new secret pass phrase: TESTtestTEST

ID jimmy OTP key is 1 ad2003
HUT SWAY DANE TOLL DAM JUDO
jimmy@lama (192.168.0.50) 13:47 ~ $ opiekey -n 2 1 ad2003
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase: TESTtestTEST
0: FLEW SLAY STAN BUNK RAT BACH
1: HUT SWAY DANE TOLL DAM JUDO
jimmy@lama (192.168.0.50) 13:48 ~ $ ssh 192.168.0.50
otp-md5 0 ad2003 ext
Password: FLEW SLAY STAN BUNK RAT BACH
jimmy@lama (192.168.0.50) 13:49 ~ $ exit
Connection to 192.168.0.50 closed.
jimmy@lama (192.168.0.50) 13:51 ~ $ opieinfo
-1 (null)
jimmy@lama (192.168.0.50) 13:51 ~ $ opiepasswd
Updating jimmy:
Segmentation fault
jimmy@lama (192.168.0.50) 13:51 ~ $


Jimmy Scott