Astra Linux - уязвимость в atftp

There is an exploitable denial-of-service vulnerability in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests triggers an assert call, resulting in a denial-of-service attack. An attacker can send a sequence of malicious packets...

CVE-2019-11366

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the threadlistmutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If threaddata is NULL when assigned to current, a...

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...

DEBIAN-CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...

CVE-2019-11365

An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this...

Debian DSA-314-1 : atftp - buffer overflow

Rick Patel discovered that atftpd is vulnerable to a buffer overflow when a long filename is sent to the server. An attacker could exploit this bug remotely to execute arbitrary code on the server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

DSA-314 atftp - buffer overflow

Bulletin has no description...

Atftpd 0.6 - atftpdx.c Remote Command Execution

Atftpd 0.6 - atftpdx.c Remote Command Execution / PoC linux/86 remote exploit against atftpd c gunzip FIXED / include include include include include include include include include include define HEAPSTART 0x080514b4 define HEAPEND 0x080594b4 define BACKDOOR "rfe" / port MUST be 1024 / define...

possible remote buffer overflow in atftpd

Hello, There is possible remote buffer overflow in atftpd. It has to do with length of filename which client sends to atftpd server. If you send filename over 253 bytes, it crashes with segfault. When I attach to process with gdb I can see it trying to run instruction from EIP 0x41414141. That ca...