Executive Summary
| Summary | |
|---|---|
| Title | New atftp packages fix buffer overflow |
| Informations | |||
|---|---|---|---|
| Name | DSA-314 | First vendor Publication | 2003-06-11 |
| Vendor | Debian | Last vendor Modification | 2003-06-11 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Rick Patel discovered that atftpd is vulnerable to a buffer overflow when a long filename is sent to the server. An attacker could exploit this bug remotely to execute arbitrary code on the server. For the stable distribution (woody), this problem has been fixed in version 0.6.1.1.0woody1. The old stable distribution (potato) does not contain an atftp package. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you update your atftp package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-314 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 314-1 (atftp) File : nvt/deb_314_1.nasl |
| 2005-11-03 | Name : TFTPD overflow File : nvt/tftpd_overflow.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 4343 | atftp daemon (atftpd) Filename Handling Remote Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | PUT filename overflow attempt RuleID : 2337-community - Revision : 23 - Type : PROTOCOL-TFTP |
| 2014-01-10 | PUT filename overflow attempt RuleID : 2337 - Revision : 23 - Type : PROTOCOL-TFTP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-05-16 | Name : The remote host has an application that is affected by a buffer overflow vuln... File : tftpd_overflow.nasl - Type : ACT_FLOOD |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-314.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:39 |
|
