Details of VAR-201207-0005

ID

VAR-201207-0005

CVE

CVE-2011-2199

TITLE

Tftp-hpa FTP Server 'utimeout' option remote buffer overflow vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-2424 // BID: 48411

DESCRIPTION

Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. Tftpd-hpa is a feature-enhanced TFTP server. There is a buffer overflow in the function that sets the utimeout option in the tftp-hpa daemon. This vulnerability can be exploited remotely because the program receives options from the client settings. tftp-hpa FTP server is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to tftp-hpa 5.1 are vulnerable. PRE-CERT Security Advisory ========================== * Advisory: PRE-SA-2011-05 * Released on: 22 Jun 2011 * Last updated on: 22 Jun 2011 * Affected product: tftp-hpa 0.30 - 5.0 * Impact: buffer overflow * Origin: remote tftp client * Credit: Timo Warns (PRESENSE Technologies GmbH) * CVE Identifier: CVE-2011-2199 Summary ------- The tftp-hpa daemon contains a buffer overflow vulnerability in the function for setting the utimeout option. Solution -------- For a patch, see http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8 References ---------- When further information becomes available, this advisory will be updated. The most recent version of this advisory is available at: http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt Contact ------- PRE-CERT can be reached under precert@pre-secure.de. For PGP key information, refer to http://www.pre-cert.de/. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: tftp-hpa: Remote buffer overflow Date: June 21, 2012 Bugs: #374001 ID: 201206-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability was found in tftp-hpa, which leads to remote execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/tftp-hpa < 5.1 >= 5.1 Description =========== A vulnerability has been discovered in tftp-hpa. Please review the CVE identifier referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All tftp-hpa users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/tftp-hpa-5.1" References ========== [ 1 ] CVE-2011-2199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2199 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2011-2199 // JVNDB: JVNDB-2011-005102 // CNVD: CNVD-2011-2424 // BID: 48411 // PACKETSTORM: 102552 // PACKETSTORM: 114038

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-2424

AFFECTED PRODUCTS

vendor:	h peter anvin	model:	tftp-hpa	scope:	lte	version:	5.0	Trust: 1.0
vendor:	h	model:	peter anvin tftp-hpa	scope:	eq	version:	5.0	Trust: 0.9
vendor:	h peter anvin	model:	tftp-hpa	scope:	lt	version:	5.1	Trust: 0.8
vendor:	h peter anvin	model:	tftp-hpa	scope:	eq	version:	5.0	Trust: 0.6
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	h	model:	peter anvin tftp-hpa	scope:	ne	version:	5.1	Trust: 0.3

sources: CNVD: CNVD-2011-2424 // BID: 48411 // JVNDB: JVNDB-2011-005102 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2199
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-2199
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201106-298
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2011-2199
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2011-005102 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-005102 // NVD: CVE-2011-2199

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 114038 // CNNVD: CNNVD-201106-298

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201106-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005102

PATCH

title:	GLSA 201206-12	url:	http://www.gentoo.org/security/en/glsa/glsa-201206-12.xml	Trust: 0.8
title:	network/tftp/tftp-hpa.git / commitdiff	url:	http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8	Trust: 0.8
title:	network/tftp/tftp-hpa.git / blob	url:	http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=blob;f=CHANGES;h=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1;hb=badf05140d3c2408715a73a52c0f35887e337c04	Trust: 0.8
title:	Tftp-hpa FTP Server 'utimeout' option patch for remote buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/4250	Trust: 0.6
title:	tftp-hpa-5.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=43873	Trust: 0.6

sources: CNVD: CNVD-2011-2424 // JVNDB: JVNDB-2011-005102 // CNNVD: CNNVD-201106-298

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2199	Trust: 3.5
db:	BID	id:	48411	Trust: 1.9
db:	OPENWALL	id:	OSS-SECURITY/2011/06/13/11	Trust: 1.6
db:	JVNDB	id:	JVNDB-2011-005102	Trust: 0.8
db:	CNVD	id:	CNVD-2011-2424	Trust: 0.6
db:	CNNVD	id:	CNNVD-201106-298	Trust: 0.6
db:	PACKETSTORM	id:	102552	Trust: 0.1
db:	PACKETSTORM	id:	114038	Trust: 0.1

sources: CNVD: CNVD-2011-2424 // BID: 48411 // JVNDB: JVNDB-2011-005102 // PACKETSTORM: 102552 // PACKETSTORM: 114038 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

REFERENCES

url:	http://www.pre-cert.de/advisories/pre-sa-2011-05.txt	Trust: 2.6
url:	http://security.gentoo.org/glsa/glsa-201206-12.xml	Trust: 1.7
url:	http://www.securityfocus.com/bid/48411	Trust: 1.6
url:	http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3ba=blob%3bf=changes%3bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3bhb=badf05140d3c2408715a73a52c0f35887e337c04	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2011/06/13/11	Trust: 1.6
url:	http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3ba=commitdiff%3bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2199	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2199	Trust: 0.8
url:	http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8	Trust: 0.4
url:	http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=blob;f=changes;h=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1;hb=badf05140d3c2408715a73a52c0f35887e337c04	Trust: 0.3
url:	http://freshmeat.net/projects/tftp-hpa/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2199	Trust: 0.2
url:	http://www.pre-cert.de/.	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2199	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

sources: CNVD: CNVD-2011-2424 // BID: 48411 // JVNDB: JVNDB-2011-005102 // PACKETSTORM: 102552 // PACKETSTORM: 114038 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

CREDITS

Timo Warns

Trust: 1.0

sources: BID: 48411 // PACKETSTORM: 102552 // CNNVD: CNNVD-201106-298

SOURCES

db:	CNVD	id:	CNVD-2011-2424
db:	BID	id:	48411
db:	JVNDB	id:	JVNDB-2011-005102
db:	PACKETSTORM	id:	102552
db:	PACKETSTORM	id:	114038
db:	CNNVD	id:	CNNVD-201106-298
db:	NVD	id:	CVE-2011-2199

LAST UPDATE DATE

2024-08-14T14:58:23.086000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-2424	date:	2011-06-24T00:00:00
db:	BID	id:	48411	date:	2012-06-29T17:20:00
db:	JVNDB	id:	JVNDB-2011-005102	date:	2012-07-24T00:00:00
db:	CNNVD	id:	CNNVD-201106-298	date:	2023-02-14T00:00:00
db:	NVD	id:	CVE-2011-2199	date:	2023-02-13T04:30:59.597

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-2424	date:	2011-06-24T00:00:00
db:	BID	id:	48411	date:	2011-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2011-005102	date:	2012-07-24T00:00:00
db:	PACKETSTORM	id:	102552	date:	2011-06-24T09:13:54
db:	PACKETSTORM	id:	114038	date:	2012-06-22T03:23:12
db:	CNNVD	id:	CNNVD-201106-298	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-2199	date:	2012-07-22T17:55:00.993