Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053603HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 314-1 (atftp)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
4
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.031
Percentile
91.1%
The remote host is missing an update to atftp
announced via advisory DSA 314-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53603");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2003-0380");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 314-1 (atftp)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20314-1");
script_tag(name:"insight", value:"Rick Patel discovered that atftpd is vulnerable to a buffer overflow
when a long filename is sent to the server. An attacker could exploit
this bug remotely to execute arbitrary code on the server.
For the stable distribution (woody), this problem has been fixed in
version 0.6.1.1.0woody1.
The old stable distribution (potato) does not contain an atftp
package.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your atftp package.");
script_tag(name:"summary", value:"The remote host is missing an update to atftp
announced via advisory DSA 314-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"atftp", ver:"0.6.0woody1", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"atftpd", ver:"0.6.0woody1", rls:"DEB3.0")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
openvas
openvas
Debian Security Advisory DSA 314-1 (atftp)
2008-01-17 00:00:00
TFTPD overflow
2005-11-03 00:00:00
nvd
nvd
CVE-2003-0380
2003-07-02 04:00:00
debiancve
debiancve
CVE-2003-0380
2003-07-02 04:00:00
nessus
nessus
Debian DSA-314-1 : atftp - buffer overflow
2004-09-29 00:00:00
TFTPD Server Filename Handling Remote Overflow
2005-05-16 00:00:00
exploitdb
exploitdb
Atftpd 0.6 - 'atftpdx.c' Remote Command Execution
2003-06-10 00:00:00
cvelist
cvelist
CVE-2003-0380
2003-06-10 04:00:00
cve
cve
CVE-2003-0380
2003-07-02 04:00:00
debian
debian
[SECURITY] [DSA-314-1] New atftp packages fix buffer overflow
2003-06-11 23:28:31
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.031
Percentile
91.1%
Related for OPENVAS:136141256231053603