CVE-2019-11366

Published: 20 April 2019

An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next.

From the Ubuntu security team

It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
atftp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(0.7.git20120829-3.1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(0.7.git20120829-3.1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.7.git20120829-3.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.7.20120829-3.1~0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.7.20120829-3.1~0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)