[Bug 727356] [NEW] tftp-hpa crashes on natty (buffer overflow)

Stéphane Graber stgraber at stgraber.org
Tue Mar 1 19:16:31 UTC 2011 

*** This bug is a duplicate of bug 727357 ***
    https://bugs.launchpad.net/bugs/727357

Public bug reported:

Binary package hint: tftp-hpa

On a natty system, a simple:
echo "get /netboot/pxelinux.0" | tftp <ip>

Crashes with the following trace:
*** buffer overflow detected ***: tftp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f2da4630427]
/lib/libc.so.6(+0xfd340)[0x7f2da462f340]
tftp[0x4015f1]
tftp[0x402065]
tftp[0x4036c9]
/lib/libc.so.6(__libc_start_main+0xfe)[0x7f2da4550efe]
tftp[0x4014d9]
======= Memory map: ========
00400000-00406000 r-xp 00000000 08:01 131853                             /usr/bin/tftp
00605000-00606000 r--p 00005000 08:01 131853                             /usr/bin/tftp
00606000-00607000 rw-p 00006000 08:01 131853                             /usr/bin/tftp
00607000-00627000 rw-p 00000000 00:00 0 
00df2000-00e13000 rw-p 00000000 00:00 0                                  [heap]
7f2da410f000-7f2da4124000 r-xp 00000000 08:01 264125                     /lib/libgcc_s.so.1
7f2da4124000-7f2da4323000 ---p 00015000 08:01 264125                     /lib/libgcc_s.so.1
7f2da4323000-7f2da4324000 r--p 00014000 08:01 264125                     /lib/libgcc_s.so.1
7f2da4324000-7f2da4325000 rw-p 00015000 08:01 264125                     /lib/libgcc_s.so.1
7f2da4325000-7f2da4331000 r-xp 00000000 08:01 271928                     /lib/libnss_files-2.13.so
7f2da4331000-7f2da4530000 ---p 0000c000 08:01 271928                     /lib/libnss_files-2.13.so
7f2da4530000-7f2da4531000 r--p 0000b000 08:01 271928                     /lib/libnss_files-2.13.so
7f2da4531000-7f2da4532000 rw-p 0000c000 08:01 271928                     /lib/libnss_files-2.13.so
7f2da4532000-7f2da46cd000 r-xp 00000000 08:01 271230                     /lib/libc-2.13.so
7f2da46cd000-7f2da48cd000 ---p 0019b000 08:01 271230                     /lib/libc-2.13.so
7f2da48cd000-7f2da48d1000 r--p 0019b000 08:01 271230                     /lib/libc-2.13.so
7f2da48d1000-7f2da48d2000 rw-p 0019f000 08:01 271230                     /lib/libc-2.13.so
7f2da48d2000-7f2da48d8000 rw-p 00000000 00:00 0 
7f2da48d8000-7f2da48f9000 r-xp 00000000 08:01 261677                     /lib/ld-2.13.so
7f2da4ad2000-7f2da4ad5000 rw-p 00000000 00:00 0 
7f2da4af3000-7f2da4af8000 rw-p 00000000 00:00 0 
7f2da4af8000-7f2da4af9000 r--p 00020000 08:01 261677                     /lib/ld-2.13.so
7f2da4af9000-7f2da4afb000 rw-p 00021000 08:01 261677                     /lib/ld-2.13.so
7fffa64e5000-7fffa6506000 rw-p 00000000 00:00 0                          [stack]
7fffa6556000-7fffa6557000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]


It's been reproduced on both amd64 and i386.

This bug is at least breaking LTSP systems.

** Affects: tftp-hpa (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: tftp-hpa (Ubuntu Natty)
     Importance: Undecided
         Status: New

** Also affects: tftp-hpa (Ubuntu Natty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tftp-hpa in ubuntu.
https://bugs.launchpad.net/bugs/727356

Title:
  tftp-hpa crashes on natty (buffer overflow)

More information about the Ubuntu-server-bugs mailing list