PT-2019-2186 · Atftp+3

Denis Andzakovic · Published 2019-04-14 · Updated 2024-06-15 · CVE-2019-11365

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: atftp version 0.7.1
Description: A remote attacker may send a crafted packet to trigger a stack-based buffer overflow due to an insecurely implemented strncpy call. The issue is triggered by sending an error packet of 3 bytes or fewer. The vulnerable strncpy pattern is found within multiple files, including tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
Recommendations: For atftp version 0.7.1, consider restricting access to the atftpd service until a patch is available to prevent exploitation of the buffer overflow vulnerability. As a temporary workaround, avoid using the strncpy function in the affected code files until the issue is resolved.
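
An added example, not atftp's code or its patch: it shows why an error packet shorter than the 4-byte TFTP error header (2-byte opcode plus 2-byte error code) is dangerous to a length-based copy, and a bounds-checked alternative. It assumes the copy length is derived by subtracting the header size from the received size, which this page does not show; the names `flawed_copy_len`, `copy_error_msg` and `MSG_MAX` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TFTP_HDR_LEN 4 /* 2-byte opcode + 2-byte error code (RFC 1350) */
#define MSG_MAX 64     /* assumed destination size, chosen for this example */

/* Flawed pattern (illustrative, not atftp's source): a signed subtraction
 * goes negative for packets under 4 bytes, the "> max" clamp never fires,
 * and the count becomes enormous once converted to size_t for strncpy.
 * Returns the count that would be passed; performs no copy. */
size_t flawed_copy_len(int data_size, int max)
{
    int n = data_size - TFTP_HDR_LEN;
    if (n > max)
        n = max;
    return (size_t)n;
}

/* Hardened copy: reject packets shorter than the header, clamp to the
 * destination, always NUL-terminate. Returns bytes copied or -1. */
int copy_error_msg(char *dst, size_t dst_size,
                   const unsigned char *pkt, size_t pkt_len)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (pkt == NULL || pkt_len < TFTP_HDR_LEN)
        return -1; /* too short to hold any message: drop it */
    size_t limit = pkt_len - TFTP_HDR_LEN; /* cannot underflow here */
    if (limit > dst_size - 1)
        limit = dst_size - 1;
    const unsigned char *msg = pkt + TFTP_HDR_LEN;
    size_t len = 0;
    while (len < limit && msg[len] != '\0') /* stop at sender's NUL */
        len++;
    memcpy(dst, msg, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    const unsigned char short_pkt[] = {0x00, 0x05, 0x00}; /* constructed, 3 bytes */
    char out[MSG_MAX];
    printf("flawed count: %zu\n", flawed_copy_len((int)sizeof short_pkt, MSG_MAX));
    printf("hardened: %d\n", copy_error_msg(out, sizeof out, short_pkt, sizeof short_pkt));
    return 0;
}
```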

Exploit

Fix

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

ALT-PU-2020-3133
ALT-PU-2020-3153
ALT-PU-2022-2609
BDU:2019-01952
CVE-2019-11365
DLA-1783-1
DSA-4438-1
OPENSUSE-SU-2024:10636-1
SUSE-SU-2019:1091-1
SUSE-SU-2019:14033-1
SUSE-SU-2019_1091-1
SUSE-SU-2019_14033-1
USN-4540-1
USN-4643-1

Affected Products

Alt Linux
Suse
Ubuntu
Atftp