CVE-2019-11366 - OpenCVE

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Atftp Project	Atftp

Configuration 1 [-]

cpe:2.3:a:atftp_project:atftp:0.7.1:*:*:*:*:*:*:*

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html
https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities	Exploit Third Party Advisory
https://seclists.org/bugtraq/2019/May/16
https://security.gentoo.org/glsa/202003-14
https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/	Patch Third Party Advisory
https://usn.ubuntu.com/4540-1/
https://www.debian.org/security/2019/dsa-4438

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-20T12:58:09

Updated: 2020-09-28T17:06:23

Reserved: 2019-04-20T00:00:00

Link: CVE-2019-11366

JSON object: View

NVD Information

Status : Modified

Published: 2019-04-20T13:29:00.637

Modified: 2020-09-28T18:15:14.160

Link: CVE-2019-11366

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-28T17:06:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/"}, {"name": "DSA-4438", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4438"}, {"name": "20190508 [SECURITY] [DSA 4438-1] atftp security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/16"}, {"name": "[debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html"}, {"name": "GLSA-202003-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-14"}, {"name": "USN-4540-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4540-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11366", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities", "refsource": "MISC", "url": "https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities"}, {"name": "https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/", "refsource": "MISC", "url": "https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/"}, {"name": "DSA-4438", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4438"}, {"name": "20190508 [SECURITY] [DSA 4438-1] atftp security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/16"}, {"name": "[debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html"}, {"name": "GLSA-202003-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-14"}, {"name": "USN-4540-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4540-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11366", "datePublished": "2019-04-20T12:58:09", "dateReserved": "2019-04-20T00:00:00", "dateUpdated": "2020-09-28T17:06:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atftp_project:atftp:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "EFC2D623-17BA-4A65-AF44-9A2E0B299419", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next."}, {"lang": "es", "value": "Fue encontrado un problema en atftpd en atftp versi\u00f3n 0.7.1. No bloquea el mutex thread_list_mutex anterior de asignar la estructura de datos del hilo actual. Como resultado, el dominio es vulnerable a un ataque de Denegaci\u00f3n de Servicio (DoS) debido a una desreferencia de puntero NULL. Si thread_data es NULL cuando se asigna a actual, y se modifica por otro hilo anterior de una cierta comprobaci\u00f3n del archivo tftpd_list.c, se produce un bloqueo al eliminar la referencia current->next."}], "id": "CVE-2019-11366", "lastModified": "2020-09-28T18:15:14.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-20T13:29:00.637", "references": [{"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/May/16"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202003-14"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4540-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4438"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}