
[PRE-SA-2011-05] Buffer overflow in tftp-hpa daemon

PRE-CERT Security Advisory

* Advisory: PRE-SA-2011-05
* Released on: 22 Jun 2011
* Last updated on: 22 Jun 2011
* Affected product: tftp-hpa 0.30 - 5.0
* Impact: buffer overflow
* Origin: remote tftp client
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2011-2199


The tftp-hpa daemon contains a buffer overflow vulnerability in the
function for setting the utimeout option. As the daemon accepts the
option from clients, the vulnerability can be remotely exploited.


For a patch, see


When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:



PRE-CERT can be reached at precert@xxxxxxxxxxxxxx For PGP
key information, refer to http://www.pre-cert.de/.
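
The advisory names only the function that sets the utimeout option and gives no further detail of the flaw. As an added illustration (not code from tftp-hpa or PRE-CERT), the sketch below shows one defensive pattern for a handler that echoes a client-supplied numeric option back in a reply: range-check the value, then format it with a length-bounded call. The function name, the limits and the sample inputs are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical limits for this sketch (microseconds); not taken from tftp-hpa. */
#define UTIMEOUT_MIN 10000UL
#define UTIMEOUT_MAX 255000000UL

/* Enough room for any unsigned long in decimal plus the terminating NUL. */
#define ULONG_DEC_BUFSZ (sizeof(unsigned long) * CHAR_BIT / 3 + 2)

/*
 * Parse a client-supplied option value and write the acknowledged value
 * into out. Returns the reply length on success, or -1 if the value is
 * rejected or out is too small to hold it. (Hypothetical helper.)
 */
int set_numeric_option(const char *value, char *out, size_t outlen)
{
    char *end;
    unsigned long v;
    int n;

    if (value == NULL || *value < '0' || *value > '9')
        return -1;                       /* empty, signed or padded input */
    errno = 0;
    v = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                       /* overflowed or trailing garbage */
    if (v < UTIMEOUT_MIN || v > UTIMEOUT_MAX)
        return -1;                       /* outside the accepted range */

    n = snprintf(out, outlen, "%lu", v); /* never writes past outlen */
    if (n < 0 || (size_t)n >= outlen)
        return -1;                       /* value did not fit: refuse it */
    return n;
}

int main(void)
{
    char reply[ULONG_DEC_BUFSZ];
    const char *samples[] = { "250000", "255000000", "9", "-1", "99999999999999999999", "1000x" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = set_numeric_option(samples[i], reply, sizeof reply);
        printf("%-22s -> %s\n", samples[i], n < 0 ? "(rejected)" : reply);
    }
    return 0;
}
```

Sizing the reply buffer from the type (`ULONG_DEC_BUFSZ`) rather than from an expected value keeps the handler safe if the accepted range is widened later.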