Bug 22261 - net-ftp/atftp
Summary: net-ftp/atftp
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
Reported: 2003-06-05 03:45 UTC by Daniel Ahlberg (RETIRED)
Modified: 2003-06-08 14:29 UTC
Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-06-05 03:45:46 UTC
possible remote buffer overflow in atftpd 
 
From: "Rick" <rikul@interbee.com>
To: <bugtraq@securityfocus.com>
Date: Yesterday 23.11.50

Hello, 
 
There is possible remote buffer overflow in atftpd. It has to do with length 
of filename which client sends to atftpd server. If you send filename over 
~253 bytes, it crashes with segfault. When I attach to process with gdb I 
can see it trying to run instruction from EIP 0x41414141. That can't be a 
good thing. I've tested this on Debian woody. I've creating proof of concept 
exploit for it but having few troubles :) 
 
later, 
Rick Patel
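
Added example, not part of the original report and not atftpd's code or its fix: a length-checked parser for a TFTP read/write request (opcode, filename, mode, as laid out in RFC 1350) that rejects an overlong or unterminated filename instead of copying it. MAX_NAME, the REQ_* codes and all function names are assumptions made for illustration, and the packets are constructed test input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_RRQ 1
#define TFTP_WRQ 2
#define MAX_NAME 255            /* assumed server-side limit, not atftpd's */
#define MAX_MODE 16
enum { REQ_OK = 0, REQ_MALFORMED = -1, REQ_NAME_TOO_LONG = -2 };

struct tftp_req {
    uint16_t opcode;
    char filename[MAX_NAME + 1];
    char mode[MAX_MODE + 1];
};

/* Copy one NUL-terminated field from pkt[*off..len) into dst (cap bytes,
 * terminator included). The length is checked before any byte is copied. */
static int take_field(const uint8_t *pkt, size_t len, size_t *off,
                      char *dst, size_t cap)
{
    const uint8_t *start = pkt + *off;
    const uint8_t *nul = memchr(start, 0, len - *off);
    if (nul == NULL || nul == start) return REQ_MALFORMED; /* unterminated or empty */
    size_t n = (size_t)(nul - start);
    if (n >= cap) return REQ_NAME_TOO_LONG;                /* would not fit in dst */
    memcpy(dst, start, n + 1);
    *off += n + 1;
    return REQ_OK;
}

int parse_tftp_request(const uint8_t *pkt, size_t len, struct tftp_req *out)
{
    if (len < 4) return REQ_MALFORMED;
    out->opcode = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (out->opcode != TFTP_RRQ && out->opcode != TFTP_WRQ) return REQ_MALFORMED;
    size_t off = 2;
    int rc = take_field(pkt, len, &off, out->filename, sizeof out->filename);
    if (rc != REQ_OK) return rc;
    rc = take_field(pkt, len, &off, out->mode, sizeof out->mode);
    return rc == REQ_OK ? REQ_OK : REQ_MALFORMED;
}

/* Constructed input: RRQ whose filename is name_len 'a' bytes, mode "octet",
 * with the last `cut` bytes of the packet dropped to simulate truncation. */
int parse_sample(size_t name_len, size_t cut)
{
    uint8_t pkt[600] = {0, TFTP_RRQ};
    struct tftp_req req;
    size_t total = 2 + name_len + 1 + 6;
    if (name_len > 512 || cut > total) return REQ_MALFORMED;
    memset(pkt + 2, 'a', name_len);
    memcpy(pkt + 2 + name_len + 1, "octet", 6);
    return parse_tftp_request(pkt, total - cut, &req);
}
```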
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-06-08 14:29:05 UTC
GLSA sent