First Last Prev Next    This bug is not in your last search results.
Bug 1133145 - (CVE-2019-11366) VUL-0: CVE-2019-11366: atftp: does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service at
(CVE-2019-11366)
VUL-0: CVE-2019-11366: atftp: does not lock the thread_list_mutex mutex befor...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/230038/
maint:released:sle10-sp3:64272
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-23 15:29 UTC by Marcus Meissner
Modified: 2021-06-25 08:50 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Patch (2.87 KB, patch)
2019-04-24 08:40 UTC, Pedro Monreal Gonzalez 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-04-23 15:29:49 UTC 
CVE-2019-11366

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the
thread_list_mutex mutex before assigning the current thread data structure. As a
result, the daemon is vulnerable to a denial of service attack due to a NULL
pointer dereference. If thread_data is NULL when assigned to current, and
modified by another thread before a certain tftpd_list.c check, there is a crash
when dereferencing current->next.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11366
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11366.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11366
http://www.cvedetails.com/cve/CVE-2019-11366/
https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
Comment 1 Pedro Monreal Gonzalez 2019-04-24 08:40:59 UTC 
Created attachment 803479 [details]
Patch

Upstream patch.
Comment 3 Pedro Monreal Gonzalez 2019-04-26 10:14:56 UTC 
Updated also in Factory, see:
https://build.opensuse.org/request/show/698121
Comment 5 Swamp Workflow Management 2019-04-26 15:31:00 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2019-05-03.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64271
Comment 6 Swamp Workflow Management 2019-04-29 22:12:49 UTC 
SUSE-SU-2019:14033-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1133114,1133145
CVE References: CVE-2019-11365,CVE-2019-11366
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    atftp-0.7.0-135.23.3.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    atftp-0.7.0-135.23.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    atftp-0.7.0-135.23.3.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    atftp-0.7.0-135.23.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-05-21 06:17:19 UTC 
SUSE-SU-2019:1091-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1133114,1133145
CVE References: CVE-2019-11365,CVE-2019-11366
Sources used:
SUSE OpenStack Cloud 7 (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-SP4 (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-SP3 (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Server 12-LTSS (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    atftp-0.7.0-160.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    atftp-0.7.0-160.8.1
SUSE Enterprise Storage 4 (src):    atftp-0.7.0-160.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Alexandros Toptsoglou 2020-04-23 15:53:52 UTC 
Done
Comment 9 OBSbugzilla Bot 2021-06-25 08:50:20 UTC 
This is an autogenerated message for OBS integration:
This bug (1133145) was mentioned in
https://build.opensuse.org/request/show/902297 15.3 / atftp
https://build.opensuse.org/request/show/902298 Backports:SLE-15-SP2 / atftp
First Last Prev Next    This bug is not in your last search results.