exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ad20050108.txt

ad20050108.txt
Posted Jan 15, 2005
Authored by Sowhat | Site secway.org

TFTPD32 is susceptible to a remote denial of service attack.

tags | advisory, remote, denial of service
SHA-256 | 08d63438b5eeee5c70a2de34a5848af21d0b764e94caf2d59984c64995ca09c9

ad20050108.txt

Change Mirror Download
TFTPD32 Long FileName Remote Denial of Service

By Sowhat
12.JAN.2005
http://secway.org/advisory/ad20050108.txt

Product Affected:

TFTPD 2.74 and prior

Impact:
Low


(1) Introduction

TFTPD32 is a bundle including a full featured TFTP server, a TFTP
client, a DHCP server and a Syslog server.
TFTPD32 is designed for Windows 95/NT/2000/XP.
"TFTPD32 recommended by Cisco, HP and other companies" --From the
author's webpage.

For more information:
http://perso.wanadoo.fr/philippe.jounin/TFTPD32.html

(2) Details
A vulnerability in TFTPD32 may allow remote attackers crash the
TFTPD32 and therefore cause a Denial of Service.

aviram(@)beyondsecurity.com had reported "TFTPD32 Buffer Overflow
Vulnerability (Long filename)" to bugtraq. And it seems that the
author fixed the problem in v2.51.
But during a simple audit,I found that TFTPD32 is still vulnerable to
"Long Filenmae".

C:\Windows\System32>tftp -i 192.168.0.1 get AAAAA...[about 508 'A' here]...AA

The TFTPD32 will print the following error messages 2 times:
"Error:RecvFrom Returns 10040 <"A message sent on a datagram socket
was larger than the internal message buffer or some other network
limit, or the buffer used to receive a datagram into was smaller than
the datagram itself.">"
and then it will dead.

But this vulnerability seems very unstable and not exploitable.
the TFTPD32 will not dead immediately ,usually 10-15 seconds after the
request,and some times you need to "get" 2-3 times.

(3) Solution

Waitting for the author's update

(4) Author Response

I have sent an email to the author BUT no reply yet.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close