Source: atftp Version: 0.7.git20120829-3 Severity: grave Tags: patch security upstream
Hi, The following vulnerabilities were published for atftp. CVE-2019-11365[0]: | An issue was discovered in atftpd in atftp 0.7.1. A remote attacker | may send a crafted packet triggering a stack-based buffer overflow due | to an insecurely implemented strncpy call. The vulnerability is | triggered by sending an error packet of 3 bytes or fewer. There are | multiple instances of this vulnerable strncpy pattern within the code | base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, | and tftp_mtftp.c. CVE-2019-11366[1]: | An issue was discovered in atftpd in atftp 0.7.1. It does not lock the | thread_list_mutex mutex before assigning the current thread data | structure. As a result, the daemon is vulnerable to a denial of | service attack due to a NULL pointer dereference. If thread_data is | NULL when assigned to current, and modified by another thread before a | certain tftpd_list.c check, there is a crash when dereferencing | current->next. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11365 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11365 https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/ [1] https://security-tracker.debian.org/tracker/CVE-2019-11366 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11366 https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/ [2] https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities Regards, Salvatore
