Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
BID:21320
Info
Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 21320 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6184 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 27 2006 12:00AM |
| Updated: | Mar 07 2011 04:47PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
Allied Telesyn TFTP Daemon 1.9 |
| Not Vulnerable: | |
Discussion
Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
AT-TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.
AT-TFTP 1.9 is reported vulnerable; other versions may be affected as well.
AT-TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.
AT-TFTP 1.9 is reported vulnerable; other versions may be affected as well.