Bug 1195619 - (CVE-2021-46671) VUL-1: CVE-2021-46671: atftp: Potential information leak in atftpd<0.7.5
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/322733/
CVSSv3.1:SUSE:CVE-2021-46671:3.7:(AV:...
Reported: 2022-02-07 09:44 UTC by Carlos López
Modified: 2022-03-16 17:17 UTC
Found By: Security Response Team


Description Carlos López 2022-02-07 09:44:36 UTC
CVE-2021-46671

options.c in atftp before 0.7.5 reads past the end of an array, and consequently
discloses server-side /etc/group data to a remote client.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46671
https://bugs.debian.org/1004974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46671
http://www.cvedetails.com/cve/CVE-2021-46671/
https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5

Comment 1 Carlos López 2022-02-07 09:45:55 UTC
Affected:
 - SUSE:SLE-11:Update
 - SUSE:SLE-11-SP3:Update
 - SUSE:SLE-12:Update

Comment 3 David Anes 2022-02-19 08:57:28 UTC
All done. Assigning back to security.

Comment 4 Swamp Workflow Management 2022-03-16 17:17:12 UTC
SUSE-SU-2022:0881-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1195619
CVE References: CVE-2021-46671
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    atftp-0.7.0-160.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.