tftp-hpa crashes on natty (buffer overflow)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tftp-hpa (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: tftp-hpa
On a natty system, a simple:
echo "get /netboot/
Crashes with the following trace:
*** buffer overflow detected ***: tftp terminated
======= Backtrace: =========
/lib/libc.
/lib/libc.
tftp[0x4015f1]
tftp[0x402065]
tftp[0x4036c9]
/lib/libc.
tftp[0x4014d9]
======= Memory map: ========
00400000-00406000 r-xp 00000000 08:01 131853 /usr/bin/tftp
00605000-00606000 r--p 00005000 08:01 131853 /usr/bin/tftp
00606000-00607000 rw-p 00006000 08:01 131853 /usr/bin/tftp
00607000-00627000 rw-p 00000000 00:00 0
00df2000-00e13000 rw-p 00000000 00:00 0 [heap]
7f2da410f000-
7f2da4124000-
7f2da4323000-
7f2da4324000-
7f2da4325000-
7f2da4331000-
7f2da4530000-
7f2da4531000-
7f2da4532000-
7f2da46cd000-
7f2da48cd000-
7f2da48d1000-
7f2da48d2000-
7f2da48d8000-
7f2da4ad2000-
7f2da4af3000-
7f2da4af8000-
7f2da4af9000-
7fffa64e5000-
7fffa6556000-
ffffffffff60000
It's been reproduced on both amd64 and i386.
This bug is at least breaking LTSP systems.
This bug was fixed in the package tftp-hpa - 5.0-21ubuntu2
---------------
tftp-hpa (5.0-21ubuntu2) natty; urgency=low
* Clean up debian/patches and re-add dropped patch, use-memcpy- for-header. patch (LP: #727356)
04-
-- Chuck Short <email address hidden> Tue, 01 Mar 2011 14:24:12 -0500