CVE-2019-11366
Publication date 20 April 2019
Last updated 24 July 2024
Ubuntu priority
An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.
From the Ubuntu Security Team
It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| atftp | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Fixed 0.7.20120829-3.1~0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 0.7.20120829-3.1~0.16.04.1
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.9 · Medium
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4540-1
- atftpd vulnerabilities
- 24 September 2020
- USN-4643-1
- atftp vulnerabilities
- 24 November 2020