CVE-2019-11366
Published: 20 April 2019
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
From the Ubuntu Security Team
It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
atftp Launchpad, Ubuntu, Debian |
bionic |
Released
(0.7.20120829-3.1~0.18.04.1)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Not vulnerable
(0.7.git20120829-3.1)
|
|
| focal |
Not vulnerable
(0.7.git20120829-3.1)
|
|
| groovy |
Not vulnerable
(0.7.git20120829-3.1)
|
|
| trusty |
Does not exist
(trusty was needs-triage)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.7.20120829-3.1~0.16.04.1)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.9 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
- https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
- https://ubuntu.com/security/notices/USN-4540-1
- https://ubuntu.com/security/notices/USN-4643-1
- https://www.cve.org/CVERecord?id=CVE-2019-11366
- NVD
- Launchpad
- Debian