
Ubuntu 20.04 LTS USN-6334-1 Critical: atftp Input Flaws and Exploits

September 4, 2023
Several security flaws have been identified in atftp, affecting multiple Ubuntu LTS releases. Remediation steps are provided below.

Summary

Several security issues were fixed in atftp.

Software Description:

- atftp: Advanced TFTP Server and Client

Details:

Peter Wang discovered that atftp did not properly manage certain inputs. A
remote attacker could send a specially crafted tftp request to the server
to cause a crash. (CVE-2020-6097)

Andreas B. Mundt discovered that atftp did not properly manage certain
inputs. A remote attacker could send a specially crafted tftp request to
the server to cause a crash. (CVE-2021-41054)

Johannes Krupp discovered that atftp did not properly manage certain
inputs. A remote attacker could send a specially crafted tftp request to
the server and cause the server to disclose /etc/group data.
(CVE-2021-46671)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   atftpd 0.7.git20120829-3.1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   atftpd 0.7.git20120829-3.1~0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   atftpd 0.7.git20120829-3.1~0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.
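
To confirm that a host is at or above the fixed versions listed above, the following script compares an atftpd version against them with `dpkg --compare-versions`. It is an added example, not part of the Ubuntu notice; the function names and the `--check-host` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: check an atftpd version against the fixes in USN-6334-1.
# Function names and the --check-host switch are hypothetical.

# Fixed versions, copied from the "Update Instructions" section of the notice.
usn6334_fixed_version() {
    case "$1" in
        20.04) echo "0.7.git20120829-3.1ubuntu0.1" ;;
        18.04) echo "0.7.git20120829-3.1~0.18.04.1+esm1" ;;
        16.04) echo "0.7.git20120829-3.1~0.16.04.1+esm1" ;;
        *) return 1 ;;
    esac
}

# usn6334_status RELEASE INSTALLED_VERSION
# Prints one of: patched, vulnerable, not-installed, unknown-release.
usn6334_status() {
    release=$1
    installed=$2
    fixed=$(usn6334_fixed_version "$release") || { echo "unknown-release"; return 0; }
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    # Use dpkg's own ordering: the "~" in the ESM versions sorts before
    # everything, even the end of the string, so a plain string or
    # numeric comparison would give wrong answers here.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Inspect the local host only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check-host" ]; then
    release=$(. /etc/os-release && echo "$VERSION_ID")
    # Report a version only for a fully installed package, not one that
    # was removed with its configuration files left behind.
    installed=$(dpkg-query -W -f='${db:Status-Status} ${Version}\n' atftpd 2>/dev/null |
        sed -n 's/^installed //p')
    echo "atftpd on Ubuntu $release: $(usn6334_status "$release" "$installed")"
fi
```

On 18.04 and 16.04 the fixed versions carry the `+esm1` suffix and are only available with Ubuntu Pro, so a `vulnerable` result there may mean the host is not attached to Pro rather than that updates were skipped.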

References

  https://ubuntu.com/security/notices/USN-6334-1

  CVE-2020-6097, CVE-2021-41054, CVE-2021-46671

Severity

Critical

Ubuntu Security Notice USN-6334-1
