pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2022-2609/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

136 lines
5.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222609",
"Version": "oval:org.altlinux.errata:def:20222609",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2609: package `atftp` update to version 0.7.2-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2609",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2609",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-01952",
"RefURL": "https://bdu.fstec.ru/vul/2019-01952",
"Source": "BDU"
},
{
"RefID": "BDU:2019-01954",
"RefURL": "https://bdu.fstec.ru/vul/2019-01954",
"Source": "BDU"
},
{
"RefID": "CVE-2019-11365",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11365",
"Source": "CVE"
},
{
"RefID": "CVE-2019-11366",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-11366",
"Source": "CVE"
}
],
"Description": "This update upgrades atftp to version 0.7.2-alt2. \nSecurity Fix(es):\n\n * BDU:2019-01952: Уязвимость функции вызова strncpy Atftpd, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на целостность и конфиденциальность данных или вызвать отказ в обслуживании\n\n * BDU:2019-01954: Уязвимость функции thread_list_mutex продвинутого TFTP-сервера Atftpd, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-11365: An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.\n\n * CVE-2019-11366: An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current-\u003enext.\n\n * #39157: Сервис atftpd не запускается после перезагрузки системы",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-09-14"
},
"Updated": {
"Date": "2022-09-14"
},
"BDUs": [
{
"ID": "BDU:2019-01952",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2019-01952",
"Impact": "Critical",
"Public": "20190414"
},
{
"ID": "BDU:2019-01954",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-01954",
"Impact": "Low",
"Public": "20190414"
}
],
"CVEs": [
{
"ID": "CVE-2019-11365",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11365",
"Impact": "Critical",
"Public": "20190420"
},
{
"ID": "CVE-2019-11366",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-11366",
"Impact": "Low",
"Public": "20190420"
}
],
"Bugzilla": [
{
"ID": "39157",
"Href": "https://bugzilla.altlinux.org/39157",
"Data": "Сервис atftpd не запускается после перезагрузки системы"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222609001",
"Comment": "atftp is earlier than 0:0.7.2-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink