InetUtils.TFTP.Client.BufferOverflow.B
Description
This indicates an attempt to exploit a buffer overflow vulnerability in the GNU InetUtils TFTP client.
The TFTP client of GNU InetUtils has multiple buffer overflow vulnerabilities due to insufficient validation of the name and address information returned by a DNS server. A remote attacker who has taken over control of a DNS server or is able to spoof DNS responses can cause a buffer overflow in the application. This could allow the attacker to execute arbitrary code on a targeted machine.
Affected Products
The TFTP client of GNU InetUtils version 1.4.2
Impact
System compromise: a remote attacker could execute arbitrary code.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |