Debian DSA-314-1 : atftp - buffer overflow

Severity: High (Nessus Plugin ID 15151)

Synopsis

The remote Debian host is missing a security-related update.

Description

Rick Patel discovered that atftpd is vulnerable to a buffer overflow when a long filename is sent to the server. An attacker could exploit this bug remotely to execute arbitrary code on the server.

Solution

For the stable distribution (woody), this problem has been fixed in version 0.6.1.1.0woody1.

The old stable distribution (potato) does not contain an atftp package.

We recommend that you update your atftp package.

See Also

http://www.debian.org/security/2003/dsa-314

Plugin Details

Severity: High

ID: 15151

File Name: debian_DSA-314.nasl

Version: 1.17

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:atftp

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 6/11/2003

Reference Information

CVE: CVE-2003-0380

DSA: 314