3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability

Bugtraq ID:	21301
Class:	Boundary Condition Error
CVE:	CVE-2006-6183
Remote:	Yes
Local:	No
Published:	Nov 27 2006 12:00AM
Updated:	Mar 01 2007 06:25PM
Credit:	Liu Qixu is credited with the discovery of this vulnerability.
Vulnerable:	3Com TFTP Server 2.0.1
Not Vulnerable:

3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability

3Com TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.

Version 2.0.1 is vulnerable; other versions may also be affected.

3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability

The following exploits are available:

• /data/vulnerabilities/exploits/21301.py
• /data/vulnerabilities/exploits/3ctftp_overflow.pm
• /data/vulnerabilities/exploits/21301.rb
• /data/vulnerabilities/exploits/3com_tftp_long_mode.pm
• /data/vulnerabilities/exploits/21301-UW.pl

3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability

References:

• 3CTftpSvc.zip - 3Com Software Library (3COM)
  
• TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Longtransporting mode) (Liu Qixu)