tftp-hpa crashes on natty (buffer overflow)

Bug #727356 reported by Stéphane Graber
This bug affects 1 person
Affects             Status         Importance   Assigned to   Milestone
tftp-hpa (Ubuntu)   Fix Released   Undecided    Unassigned
Natty               Fix Released   Undecided    Unassigned

Bug Description

Binary package hint: tftp-hpa

On a natty system, a simple:
echo "get /netboot/pxelinux.0" | tftp <ip>

Crashes with the following trace:
*** buffer overflow detected ***: tftp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f2da4630427]
/lib/libc.so.6(+0xfd340)[0x7f2da462f340]
tftp[0x4015f1]
tftp[0x402065]
tftp[0x4036c9]
/lib/libc.so.6(__libc_start_main+0xfe)[0x7f2da4550efe]
tftp[0x4014d9]

It's been reproduced on both amd64 and i386.

This bug is at least breaking LTSP systems.

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package tftp-hpa - 5.0-21ubuntu2

---------------
tftp-hpa (5.0-21ubuntu2) natty; urgency=low

  * Clean up debian/patches and re-add dropped patch,
    04-use-memcpy-for-header.patch (LP: #727356)
 -- Chuck Short <email address hidden> Tue, 01 Mar 2011 14:24:12 -0500

Changed in tftp-hpa (Ubuntu Natty):
status: New → Fix Released
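
Added example (not part of the original report and not tftp-hpa's code; the patch named in the changelog is not shown on this page): glibc's fortified string functions abort with "buffer overflow detected" when a copy is larger than the destination's declared size, even if the packet buffer behind it is bigger. The sketch below builds an RFC 1350 read request with length-checked memcpy into a plain byte buffer instead; build_rrq, put_cstr and the "octet" mode are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TFTP_RRQ     1    /* RFC 1350 read-request opcode */
#define TFTP_SEGSIZE 512  /* classic TFTP data segment size */

/* Hypothetical helper: append a NUL-terminated string, including its NUL,
 * at buf[*off]. Refuses to write past cap. Returns 0 on success, -1 if the
 * string does not fit. Caller guarantees *off <= cap. */
static int put_cstr(uint8_t *buf, size_t cap, size_t *off, const char *s)
{
    size_t n = strlen(s) + 1;

    if (n > cap - *off)
        return -1;
    memcpy(buf + *off, s, n);   /* length was checked against the real buffer */
    *off += n;
    return 0;
}

/* Hypothetical request builder: writes "opcode | filename | 0 | mode | 0"
 * into buf. Returns the packet length, or 0 if the request does not fit. */
size_t build_rrq(uint8_t *buf, size_t cap, const char *name, const char *mode)
{
    size_t off = 2;

    if (cap < off)
        return 0;
    buf[0] = (uint8_t)(TFTP_RRQ >> 8);    /* opcode, network byte order */
    buf[1] = (uint8_t)(TFTP_RRQ & 0xff);
    if (put_cstr(buf, cap, &off, name) != 0 ||
        put_cstr(buf, cap, &off, mode) != 0)
        return 0;
    return off;
}

int main(void)
{
    uint8_t pkt[2 + TFTP_SEGSIZE];
    /* File name taken from the report's reproducer; mode is an assumption. */
    size_t n = build_rrq(pkt, sizeof pkt, "/netboot/pxelinux.0", "octet");

    printf("request length: %zu\n", n);
    return n ? 0 : 1;
}
```

An over-long file name makes build_rrq return 0 so the caller can report an error, rather than relying on the fortify abort to stop the write.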