Bug 25753

Summary: CVE-2011-2199: buffer overflow in tftp-hpa
Product: [Development] Sisyphus Reporter: Dmitry V. Levin <ldv@altlinux.org>
Component: tftpdAssignee: Sergey Bolshakov <sbolshakov@altlinux.org>
Status: CLOSED FIXED QA Contact: qa-sisyphus@altlinux.org
Severity: critical    
Priority: P3 CC: mike@altlinux.org
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://openwall.com/lists/oss-security/2011/06/11/1

Description From 2011-06-13 20:59:38
"The tftp-hpa daemon contained a buffer overflow vulnerability in the
function for setting the utimeout option. As the daemon accepts this
option from clients, the buffer overflow can be remotely exploited."
------- Comment #1 From 2011-06-14 01:23:07 -------
Here is the gitweb URL for that patch:
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
------- Comment #2 From 2011-06-18 01:11:20 -------
tftp - The client for the Trivial File Transfer Protocol (TFTP)
* Tue Jun 14 2011 Damir Shayhutdinov <damir@altlinux> 5.0-alt3
- Fix buffer overflow in utimeout option (CVE 2011-2199, closes #25753)