Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Jun 2011 21:08:58 +0200
From: Timo Warns <warns@...-sense.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: buffer overflow in tftp-hpa

The tftp-hpa daemon contained a buffer overflow vulnerability in the
function for setting the utimeout option. As the daemon accepts this
option from clients, the buffer overflow can be remotely exploited.

For a patch, see

> git clone http://www.kernel.org/pub/scm/network/tftp/tftp-hpa.git/
> git diff 2864 f303

Thanks, Timo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ