lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4E04DB32.6070504@pre-sense.de>
Date: Fri, 24 Jun 2011 20:45:06 +0200
From: Timo Warns <warns@...-sense.de>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [PRE-SA-2011-05] Buffer overflow in tftp-hpa
	daemon

PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2011-05
* Released on: 22 Jun 2011
* Last updated on: 22 Jun 2011
* Affected product: tftp-hpa 0.30 - 5.0
* Impact: buffer overflow
* Origin: remote tftp client
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2011-2199


Summary
-------

The tftp-hpa daemon contains a buffer overflow vulnerability in the
function for setting the utimeout option. As the daemon accepts the
option from clients, the vulnerability can be remotely exploited.


Solution
--------

For a patch, see
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8


References
----------

When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:

http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt


Contact
-------

PRE-CERT can be reached under precert@...-secure.de. For PGP
key information, refer to http://www.pre-cert.de/.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ