ALT-BU-2024-7187-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2022-00244
Уязвимость компонента tftpd_file.c клиента TFTP Atftp, связанная с копированием буфера без проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05753
Уязвимость компонента options клиента TFTP Atftp, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2021-41054
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054
- [debian-lts-announce] 20211117 [SECURITY] [DLA 2820-1] atftp security update
- [debian-lts-announce] 20211117 [SECURITY] [DLA 2820-1] atftp security update
- https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
- https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
Modified: 2024-11-21
CVE-2021-46671
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.
- https://bugs.debian.org/1004974
- https://bugs.debian.org/1004974
- [debian-lts-announce] 20220527 [SECURITY] [DLA 3028-1] atftp security update
- [debian-lts-announce] 20220527 [SECURITY] [DLA 3028-1] atftp security update
- https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5
- https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5
Closed bugs
atftp: Необходимо обеспечить совместимость службы с systemd
Сервис atftpd нельзя добавить в автозапуск, используя systemctl enable
Closed vulnerabilities
Modified: 2024-11-21
CVE-2018-1000825
FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.