Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - OpenBSD: double free of TFTP

April 2013 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When the TFTP service is enabled, an attacker can send a malformed
option, in order to trigger a double memory free, which leads to a
denial of service and possibly to code execution.

Impacted products: OpenBSD

Severity: 2/4

Creation date: 22/03/2013

DESCRIPTION OF THE VULNERABILITY

When a TFTP client sends a query with an option, a TFTP server
sends the OACK (Option Acknowledgment) packet, in order to confirm
the option processing.

The oack() function of the usr.sbin/tftpd/tftpd.c file sends OACK
packets. If an error occurs, this function frees a memory area.
However, this area is freed twice in the calling tftp_open()
function.

When the TFTP service is enabled, an attacker can therefore send a
malformed option, in order to trigger a double memory free, which
leads to a denial of service and possibly to code execution.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/OpenBSD-double-free-of-TFTP-12552


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts