Serva32 2.1.0 TFTPD service buffer overflow vulnerability

Overview

Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability.

Description

The Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability when parsing large read requests. When the application reads in a large buffer the application crashes.

---

Impact

An unauthenticated attacker can pass large read requests against the application causing it to crash.

---

Solution

We are currently unaware of a practical solution to this problem.

---

Restrict Network Access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from connecting to the service from a blocked network location.

---

Vendor Information

127108

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Serva Affected

Updated: May 13, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base	5.4	AV:N/AC:H/Au:N/C:N/I:N/A:C
Temporal	3.9	E:U/RL:W/RC:UC
Environmental	1.1	CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

<http://www.vercot.com/~serva/&gt;

Acknowledgements

Thanks to Jonathan Christmas a researcher at Solera Networks for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:	CVE-2013-0145
Date Public:	2013-05-14 Date First Published: