InetUtils.TFTP.Client.BufferOverflow.B

description-logoDescription

This indicates an attempt to exploit a buffer overflow vulnerability in the GNU InetUtils TFTP client.
The TFTP client of GNU InetUtils has multiple buffer overflow vulnerabilities due to insufficient validation of the name and address information returned by a DNS server. A remote attacker who has taken over control of a DNS server or is able to spoof DNS responses can cause a buffer overflow in the application. This could allow the attacker to execute arbitrary code on a targeted machine.

affected-products-logoAffected Products

The TFTP client of GNU InetUtils version 1.4.2

Impact logoImpact

System compromise: a remote attacker could execute arbitrary code.

recomended-action-logoRecommended Actions

Currently we are not aware of any official fix for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

1