ID

VAR-201207-0005


CVE

CVE-2011-2199


TITLE

Tftp-hpa FTP Server 'utimeout' option remote buffer overflow vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-2424 // BID: 48411

DESCRIPTION

Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option.

Tftpd-hpa is a feature-enhanced TFTP server. There is a buffer overflow in the function that sets the utimeout option in the tftp-hpa daemon. This vulnerability can be exploited remotely because the program receives options from the client settings.

tftp-hpa FTP server is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to tftp-hpa 5.1 are vulnerable.

PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2011-05
* Released on: 22 Jun 2011
* Last updated on: 22 Jun 2011
* Affected product: tftp-hpa 0.30 - 5.0
* Impact: buffer overflow
* Origin: remote tftp client
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2011-2199

Summary
-------

The tftp-hpa daemon contains a buffer overflow vulnerability in the function for setting the utimeout option.

Solution
--------

For a patch, see
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

References
----------

When further information becomes available, this advisory will be updated. The most recent version of this advisory is available at:

http://www.pre-cert.de/advisories/PRE-SA-2011-05.txt

Contact
-------

PRE-CERT can be reached under precert@pre-secure.de. For PGP key information, refer to http://www.pre-cert.de/.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: tftp-hpa: Remote buffer overflow
     Date: June 21, 2012
     Bugs: #374001
       ID: 201206-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability was found in tftp-hpa, which leads to remote execution of arbitrary code.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-ftp/tftp-hpa              < 5.1                         >= 5.1

Description
===========

A vulnerability has been discovered in tftp-hpa. Please review the CVE identifier referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All tftp-hpa users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-ftp/tftp-hpa-5.1"

References
==========

[ 1 ] CVE-2011-2199
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2199

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201206-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2011-2199 // JVNDB: JVNDB-2011-005102 // CNVD: CNVD-2011-2424 // BID: 48411 // PACKETSTORM: 102552 // PACKETSTORM: 114038

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-2424

AFFECTED PRODUCTS

vendor: h peter anvin | model: tftp-hpa | scope: lte | version: 5.0

Trust: 1.0

vendor: h | model: peter anvin tftp-hpa | scope: eq | version: 5.0

Trust: 0.9

vendor: h peter anvin | model: tftp-hpa | scope: lt | version: 5.1

Trust: 0.8

vendor: h peter anvin | model: tftp-hpa | scope: eq | version: 5.0

Trust: 0.6

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.3

vendor: h | model: peter anvin tftp-hpa | scope: ne | version: 5.1

Trust: 0.3

sources: CNVD: CNVD-2011-2424 // BID: 48411 // JVNDB: JVNDB-2011-005102 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2199
value: HIGH

Trust: 1.0

NVD: CVE-2011-2199
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201106-298
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2011-2199
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-005102 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-005102 // NVD: CVE-2011-2199

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 114038 // CNNVD: CNNVD-201106-298

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201106-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005102

PATCH

title: GLSA 201206-12 | url: http://www.gentoo.org/security/en/glsa/glsa-201206-12.xml

Trust: 0.8

title: network/tftp/tftp-hpa.git / commitdiff | url: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

Trust: 0.8

title: network/tftp/tftp-hpa.git / blob | url: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=blob;f=CHANGES;h=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1;hb=badf05140d3c2408715a73a52c0f35887e337c04

Trust: 0.8

title: Tftp-hpa FTP Server 'utimeout' option patch for remote buffer overflow vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/4250

Trust: 0.6

title: tftp-hpa-5.1 | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=43873

Trust: 0.6

sources: CNVD: CNVD-2011-2424 // JVNDB: JVNDB-2011-005102 // CNNVD: CNNVD-201106-298

EXTERNAL IDS

db: NVD | id: CVE-2011-2199

Trust: 3.5

db: BID | id: 48411

Trust: 1.9

db: OPENWALL | id: OSS-SECURITY/2011/06/13/11

Trust: 1.6

db: JVNDB | id: JVNDB-2011-005102

Trust: 0.8

db: CNVD | id: CNVD-2011-2424

Trust: 0.6

db: CNNVD | id: CNNVD-201106-298

Trust: 0.6

db: PACKETSTORM | id: 102552

Trust: 0.1

db: PACKETSTORM | id: 114038

Trust: 0.1

sources: CNVD: CNVD-2011-2424 // BID: 48411 // JVNDB: JVNDB-2011-005102 // PACKETSTORM: 102552 // PACKETSTORM: 114038 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

REFERENCES

url:http://www.pre-cert.de/advisories/pre-sa-2011-05.txt

Trust: 2.6

url:http://security.gentoo.org/glsa/glsa-201206-12.xml

Trust: 1.7

url:http://www.securityfocus.com/bid/48411

Trust: 1.6

url:http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3ba=blob%3bf=changes%3bh=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1%3bhb=badf05140d3c2408715a73a52c0f35887e337c04

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2011/06/13/11

Trust: 1.6

url:http://git.kernel.org/?p=network/tftp/tftp-hpa.git%3ba=commitdiff%3bh=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2199

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2199

Trust: 0.8

url:http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

Trust: 0.4

url:http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=blob;f=changes;h=6df0d97b1f6c99f49d65e9ff80aa7b847f0e21e1;hb=badf05140d3c2408715a73a52c0f35887e337c04

Trust: 0.3

url:http://freshmeat.net/projects/tftp-hpa/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-2199

Trust: 0.2

url:http://www.pre-cert.de/.

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2199

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: CNVD: CNVD-2011-2424 // BID: 48411 // JVNDB: JVNDB-2011-005102 // PACKETSTORM: 102552 // PACKETSTORM: 114038 // CNNVD: CNNVD-201106-298 // NVD: CVE-2011-2199

CREDITS

Timo Warns

Trust: 1.0

sources: BID: 48411 // PACKETSTORM: 102552 // CNNVD: CNNVD-201106-298

SOURCES

db: CNVD | id: CNVD-2011-2424
db: BID | id: 48411
db: JVNDB | id: JVNDB-2011-005102
db: PACKETSTORM | id: 102552
db: PACKETSTORM | id: 114038
db: CNNVD | id: CNNVD-201106-298
db: NVD | id: CVE-2011-2199

LAST UPDATE DATE

2024-08-14T14:58:23.086000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2011-2424 | date: 2011-06-24T00:00:00
db: BID | id: 48411 | date: 2012-06-29T17:20:00
db: JVNDB | id: JVNDB-2011-005102 | date: 2012-07-24T00:00:00
db: CNNVD | id: CNNVD-201106-298 | date: 2023-02-14T00:00:00
db: NVD | id: CVE-2011-2199 | date: 2023-02-13T04:30:59.597

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2011-2424 | date: 2011-06-24T00:00:00
db: BID | id: 48411 | date: 2011-06-23T00:00:00
db: JVNDB | id: JVNDB-2011-005102 | date: 2012-07-24T00:00:00
db: PACKETSTORM | id: 102552 | date: 2011-06-24T09:13:54
db: PACKETSTORM | id: 114038 | date: 2012-06-22T03:23:12
db: CNNVD | id: CNNVD-201106-298 | date: 1900-01-01T00:00:00
db: NVD | id: CVE-2011-2199 | date: 2012-07-22T17:55:00.993