Описание
Security update for atftp
This update for atftp fixes the following issues:
Security issues fixed:
- CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145).
- CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2019:14033-1
- E-Mail link for SUSE-SU-2019:14033-1
- SUSE Security Ratings
- SUSE Bug 1133114
- SUSE Bug 1133145
- SUSE CVE CVE-2019-11365 page
- SUSE CVE CVE-2019-11366 page
Описание
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
Затронутые продукты
Ссылки
- CVE-2019-11365
- SUSE Bug 1133114
Описание
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
Затронутые продукты
Ссылки
- CVE-2019-11366
- SUSE Bug 1133145