Bug 699714 (CVE-2011-2199) - VUL-0: CVE-2011-2199: tftp buffer overflow
Summary: VUL-0: CVE-2011-2199: tftp buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2011-2199
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Normal
Target Milestone: ---
Deadline: 2011-06-29
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:11.3:41615 maint:relea...
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-14 07:49 UTC by Ludwig Nussel
Modified: 2017-01-12 07:39 UTC (History)
3 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-06-14 07:49:56 UTC 
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2011-2199
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8

------------------------------------------------------------------------------
Date: Sat, 11 Jun 2011 21:08:58 +0200CVE-2011-2199
From: Timo Warns <warns@pre-sense.de>
Subject: [oss-security] CVE request: buffer overflow in tftp-hpa

The tftp-hpa daemon contained a buffer overflow vulnerability in the
function for setting the utimeout option. As the daemon accepts this
option from clients, the buffer overflow can be remotely exploited
Comment 2 Swamp Workflow Management 2011-06-15 08:42:51 UTC 
The SWAMPID for this issue is 41610.
This issue was rated as moderate.
Please submit fixed packages until 2011-06-29.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 Ludwig Nussel 2011-06-15 08:45:43 UTC 
overflows a static buffer with digits.

A less intrusive patch would be to just increase the buffer size sufficiently.
Comment 4 Petr Uzel 2011-06-23 12:22:17 UTC 
Fixed in Factory by updating to version 5.1.
Comment 6 Petr Uzel 2011-06-24 07:22:03 UTC 
Submitted to maintenance channels, reassigning to security team.
Comment 7 Bernhard Wiedemann 2011-06-24 08:00:27 UTC 
This is an autogenerated message for OBS integration:
This bug (699714) was mentioned in
https://build.opensuse.org/request/show/74432 Factory / tftp
https://build.opensuse.org/request/show/74433 11.4 / tftp
https://build.opensuse.org/request/show/74434 11.3 / tftp
Comment 8 Marcus Meissner 2011-06-29 14:23:48 UTC 
we need this pacakge also for sles9-sp3-teradata-x86_64

(submit using "submitpac -r sles9-sp3-teradata", base work on sles9 sp4 tftp version.)
Comment 9 Petr Uzel 2011-06-30 09:23:00 UTC 
(In reply to comment #8)
> we need this pacakge also for sles9-sp3-teradata-x86_64
> 
> (submit using "submitpac -r sles9-sp3-teradata", base work on sles9 sp4 tftp
> version.)

Submitted. Reassigning back to security team.
Comment 10 Swamp Workflow Management 2011-07-01 12:22:09 UTC 
Update released for: tftp, tftp-debuginfo, tftp-debugsource
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)
Comment 11 Ludwig Nussel 2011-07-01 12:22:15 UTC 
released
Comment 12 Swamp Workflow Management 2011-07-01 15:04:27 UTC 
Update released for: tftp, tftp-debuginfo, tftp-debugsource
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 13 Swamp Workflow Management 2011-07-01 15:18:11 UTC 
Update released for: tftp, tftp-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 14 Bernhard Wiedemann 2011-07-04 06:00:12 UTC 
This is an autogenerated message for OBS integration:
This bug (699714) was mentioned in
https://build.opensuse.org/request/show/75223 Evergreen:11.2 / tftp
https://build.opensuse.org/request/show/75224 Evergreen:11.1 / tftp