PRE-CERT Security Advisory - The tftp-hpa daemon contains a buffer overflow vulnerability in the function for setting the utimeout option. As the daemon accepts the option from clients, the vulnerability can be remotely exploited. Versions 0.30 through 5.0 are affected.

PRE-CERT Security Advisory
==========================
* Advisory: PRE-SA-2011-05
* Released on: 22 Jun 2011
* Last updated on: 22 Jun 2011
* Affected product: tftp-hpa 0.30 - 5.0
* Impact: buffer overflow
* Origin: remote tftp client
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2011-2199

Summary
-------
The tftp-hpa daemon contains a buffer overflow vulnerability in the
function for setting the utimeout option. As the daemon accepts the
option from clients, the vulnerability can be remotely exploited.
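
Because the option arrives in the client's request, requests that negotiate it can be identified on the wire. The following is an added example, not part of the PRE-CERT advisory or of tftp-hpa: it parses RRQ/WRQ datagrams using the RFC 2347 option layout and reports those carrying utimeout. The function names are hypothetical and the sample datagrams are constructed.

```python
import struct

RRQ, WRQ = 1, 2        # TFTP request opcodes (RFC 1350)
WATCHED = "utimeout"   # option named in the advisory

def parse_request(payload: bytes):
    """Parse a TFTP RRQ/WRQ datagram; return (opcode, filename, options) or None."""
    if len(payload) < 4 or payload[-1] != 0:
        return None    # too short, or last field not NUL-terminated
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (RRQ, WRQ):
        return None    # only requests carry client-supplied options
    fields = payload[2:-1].split(b"\x00")
    if len(fields) < 2 or len(fields) % 2:
        return None    # need filename, mode, then complete name/value pairs
    text = [f.decode("ascii", "replace") for f in fields]
    # RFC 2347: option names are case-insensitive, so normalise them.
    options = {text[i].lower(): text[i + 1] for i in range(2, len(text), 2)}
    return opcode, text[0], options

def find_utimeout(datagrams):
    """Return one finding per request that negotiates the watched option."""
    findings = []
    for src, payload in datagrams:
        parsed = parse_request(payload)
        if parsed and WATCHED in parsed[2]:
            opcode, filename, options = parsed
            op = "RRQ" if opcode == RRQ else "WRQ"
            findings.append({"src": src, "op": op, "file": filename,
                             "value": options[WATCHED]})
    return findings

def _req(opcode, *fields):
    """Build a constructed sample request from its string fields."""
    return struct.pack("!H", opcode) + b"".join(f.encode() + b"\x00" for f in fields)

# Constructed sample traffic (documentation addresses, not real captures).
SAMPLES = [
    ("192.0.2.10", _req(RRQ, "pxelinux.0", "octet", "blksize", "1468")),
    ("192.0.2.77", _req(RRQ, "boot.img", "octet", "UTimeout", "20000")),
    ("192.0.2.78", struct.pack("!HH", 4, 1)),             # ACK, not a request
    ("192.0.2.79", _req(WRQ, "x", "octet", "utimeout")),  # malformed: name without value
]

if __name__ == "__main__":
    for finding in find_utimeout(SAMPLES):
        print(finding)
```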

Solution
--------
For a patch, see
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

References
----------
When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:
http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt

Contact
-------
PRE-CERT can be reached at precert@pre-secure.de. For PGP
key information, refer to http://www.pre-cert.de/.