TFTPD32 Filename Remote Buffer Overflow Vulnerability
BID:21148
Info
| Bugtraq ID: | 21148 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2006 12:00AM |
| Updated: | Nov 28 2006 04:25AM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: | Philippe Jounin TFTPD32 3.01 |
| Not Vulnerable: | |
Discussion
TFTPD32 is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.
Version 3.01 is vulnerable.
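The missing bounds check described above, shown from the fix side: an added example (not TFTPD32's code and not part of the original advisory) of an RFC 1350 read/write request parser that validates the filename length before copying it. The function names, the error codes and the 128-byte policy limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_MAX_NAME 128 /* assumed policy limit, not a TFTPD32 value */
enum tftp_parse { TFTP_OK, TFTP_SHORT, TFTP_BAD_OP, TFTP_NO_NUL,
                  TFTP_TOO_LONG, TFTP_BAD_NAME };

/* Parse an RRQ/WRQ datagram: 2-byte opcode, filename NUL, mode NUL.
 * The filename is copied into out (capacity out_cap) only after every
 * length check has passed, so out cannot be overrun. */
enum tftp_parse tftp_parse_request(const uint8_t *pkt, size_t len,
                                   char *out, size_t out_cap)
{
    if (len < 6) return TFTP_SHORT;          /* op + "x\0" + "m\0" minimum */
    uint16_t op = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (op != 1 && op != 2) return TFTP_BAD_OP;   /* 1 = RRQ, 2 = WRQ */

    const uint8_t *name = pkt + 2;
    size_t avail = len - 2;
    /* memchr is bounded by the datagram length; strlen/strcpy are not */
    const uint8_t *nul = memchr(name, 0, avail);
    if (nul == NULL) return TFTP_NO_NUL;
    size_t name_len = (size_t)(nul - name);
    if (name_len == 0) return TFTP_BAD_NAME;
    if (name_len >= out_cap || name_len > TFTP_MAX_NAME) return TFTP_TOO_LONG;
    for (size_t i = 0; i < name_len; i++)          /* printable ASCII only */
        if (name[i] < 0x20 || name[i] > 0x7e) return TFTP_BAD_NAME;

    /* the mode string must also terminate inside the datagram */
    size_t rest = avail - name_len - 1;
    if (rest == 0 || memchr(nul + 1, 0, rest) == NULL) return TFTP_NO_NUL;

    memcpy(out, name, name_len);
    out[name_len] = '\0';
    return TFTP_OK;
}

/* Constructed sample input: an RRQ whose filename is n 'A' bytes,
 * parsed into a 64-byte destination buffer. */
enum tftp_parse demo_rrq(size_t n)
{
    uint8_t pkt[2 + 600 + 1 + 6] = {0, 1};
    char dest[64];
    if (n > 600) n = 600;
    memset(pkt + 2, 'A', n);
    pkt[2 + n] = 0;
    memcpy(pkt + 3 + n, "octet", 6);
    return tftp_parse_request(pkt, 2 + n + 1 + 6, dest, sizeof dest);
}
```

A request rejected with `TFTP_TOO_LONG` or `TFTP_NO_NUL` is also worth logging, since well-behaved clients do not produce either condition.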
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
The following proof-of-concept exploit will demonstrate this issue by crashing the application:
Solution / Fix
Solution:
Reports indicate that the vendor released version 3.02 to address this issue. Please contact the vendor for information on obtaining and applying fixes.