CVE-2019-11366 - NULL Pointer Dereference vulnerability in Atftp Project Atftp 0.7.1

047910
CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, high complexity, atftp-project, CWE-476, nessus

Summary

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

Vulnerable Configurations

Part         Description    Count
Application  Atftp_Project  1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-14033-1.NASL
    description: This update for atftp fixes the following issues : Security issues fixed : CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124406
    published: 2019-04-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124406
    title: SUSE SLES11 Security Update : atftp (SUSE-SU-2019:14033-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4438.NASL
    description: Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124683
    published: 2019-05-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124683
    title: Debian DSA-4438-1 : atftp - security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1783.NASL
    description: Denis Andzakovic discovered two vulnerabilities in atftp, the advanced TFTP server which could result in denial of service by sending malformed packets. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124778
    published: 2019-05-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124778
    title: Debian DLA-1783-1 : atftp security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1091-1.NASL
    description: This update for atftp fixes the following issues : Security issues fixed : CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124405
    published: 2019-04-30
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124405
    title: SUSE SLED12 / SLES12 Security Update : atftp (SUSE-SU-2019:1091-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-14 (atftp: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in atftp. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted packet to an atftp instance, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-03-19
    modified: 2020-03-16
    plugin id: 134591
    published: 2020-03-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134591
    title: GLSA-202003-14 : atftp: Multiple vulnerabilities