CVE-2019-11365 - Out-of-bounds Write vulnerability in Atftp Project Atftp 0.7.1

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, atftp-project, CWE-787, critical, nessus

Summary

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
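
The short-packet condition described above, as an added example (not atftp's code, which this page does not show). It assumes the copy length is derived by subtracting the 4-byte TFTP ERROR header (RFC 1350: 2-byte opcode 5, 2-byte error code, then a NUL-terminated message) from the received length; `unchecked_msg_len`, `parse_tftp_error` and `ERRMSG_MAX` are hypothetical names, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TFTP_OP_ERROR 5   /* RFC 1350 opcode for ERROR */
#define TFTP_HDR_LEN  4   /* 2-byte opcode + 2-byte error code */
#define ERRMSG_MAX    64  /* assumed size of the destination buffer */

/* Unchecked length arithmetic: for a packet shorter than the header the
 * unsigned subtraction wraps, giving a copy length far above any buffer. */
size_t unchecked_msg_len(size_t pkt_len) { return pkt_len - TFTP_HDR_LEN; }

/* Hardened form: validate the length first, then bound the copy by both the
 * datagram and the destination. Returns bytes copied, or -1 on rejection. */
int parse_tftp_error(const uint8_t *pkt, size_t pkt_len,
                     uint16_t *code, char *out, size_t out_sz)
{
    if (pkt == NULL || code == NULL || out == NULL || out_sz == 0)
        return -1;
    if (pkt_len < TFTP_HDR_LEN)               /* reject before subtracting */
        return -1;
    if (((pkt[0] << 8) | pkt[1]) != TFTP_OP_ERROR)
        return -1;
    *code = (uint16_t)((pkt[2] << 8) | pkt[3]);
    size_t avail = pkt_len - TFTP_HDR_LEN;    /* cannot wrap after the check */
    size_t n = avail < out_sz - 1 ? avail : out_sz - 1;
    const uint8_t *nul = memchr(pkt + TFTP_HDR_LEN, 0, n);
    if (nul != NULL)                          /* stop at the message's NUL */
        n = (size_t)(nul - (pkt + TFTP_HDR_LEN));
    memcpy(out, pkt + TFTP_HDR_LEN, n);
    out[n] = '\0';                            /* always terminated */
    return (int)n;
}

int main(void)
{
    const uint8_t short_pkt[] = {0x00, 0x05, 0x00};  /* constructed 3-byte packet */
    char msg[ERRMSG_MAX];
    uint16_t code = 0;
    printf("unchecked length: %zu\n", unchecked_msg_len(sizeof short_pkt));
    printf("checked parser:   %d\n",
           parse_tftp_error(short_pkt, sizeof short_pkt, &code, msg, sizeof msg));
    return 0;
}
```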

Vulnerable Configurations

Part          Description     Count
Application   Atftp_Project   1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-14033-1.NASL
    description: This update for atftp fixes the following issues : Security issues fixed : CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124406
    published: 2019-04-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124406
    title: SUSE SLES11 Security Update : atftp (SUSE-SU-2019:14033-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4438.NASL
    description: Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124683
    published: 2019-05-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124683
    title: Debian DSA-4438-1 : atftp - security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1783.NASL
    description: Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124778
    published: 2019-05-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124778
    title: Debian DLA-1783-1 : atftp security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1091-1.NASL
    description: This update for atftp fixes the following issues : Security issues fixed : CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124405
    published: 2019-04-30
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124405
    title: SUSE SLED12 / SLES12 Security Update : atftp (SUSE-SU-2019:1091-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-14 (atftp: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in atftp. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted packet to an atftp instance, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-03-19
    modified: 2020-03-16
    plugin id: 134591
    published: 2020-03-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134591
    title: GLSA-202003-14 : atftp: Multiple vulnerabilities