Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:1091-1

Опубликовано: 29 апр. 2019
Источник: suse-cvrf

Описание

Security update for atftp

This update for atftp fixes the following issues:

Security issues fixed:

  • CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145).
  • CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114).

Список пакетов

SUSE Enterprise Storage 4
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12 SP3
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12 SP4
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP2-BCL
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP2-LTSS
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP3
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP4
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-LTSS
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
atftp-0.7.0-160.8.1
SUSE OpenStack Cloud 7
atftp-0.7.0-160.8.1

Ссылки

Описание

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.

Затронутые продукты
SUSE Enterprise Storage 4:atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12 SP3:atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12 SP4:atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:atftp-0.7.0-160.8.1
Ссылки

Описание

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

Затронутые продукты
SUSE Enterprise Storage 4:atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12 SP3:atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12 SP4:atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:atftp-0.7.0-160.8.1
Ссылки