Lucene search
SAINT CorporationSAINT:3448AAC3017714102ABCA44192BC6FF9HistorySep 12, 2008 - 12:00 a.m.
TFTP Server error packet buffer overflow
2008-09-1200:00:00
SAINT Corporation
download.saintcorporation.com
27
0.638 Medium
EPSS
Percentile
97.9%
Added: 09/12/2008
CVE: CVE-2008-2161
BID: 29111
OSVDB: 44904
Background
TFTP Server is an open source server implementation of the tftp protocol for multiple platforms.
Problem
A buffer overflow vulnerability in the handling of error packets allows remote attackers to execute arbitrary commands.
Resolution
Upgrade to version 1.6 or higher when available, if that version contains a fix. Otherwise restrict access to the tftp service.
References
<http://www.milw0rm.com/exploits/5563>
Limitations
Exploit works on TFTP Server SP 1.4.
A different payload is required depending upon whether the service runs as a network service or standalone. Choose the first platform if TFTP Server is running as a network service, and the second if it is running standalone.
Platforms
Windows
Related
saint
saint
TFTP Server error packet buffer overflow
2008-09-12 00:00:00
TFTP Server error packet buffer overflow
2008-09-12 00:00:00
TFTP Server error packet buffer overflow
2008-09-12 00:00:00
prion
prion
Buffer overflow
2008-05-12 22:20:00
Heap overflow
2019-12-23 23:15:00
packetstorm
packetstorm
OpenTFTP SP 1.4 Error Packet Overflow
2011-12-24 00:00:00
cve
cve
CVE-2008-2161
2008-05-12 22:20:00
CVE-2018-10387
2019-12-23 23:15:11
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2008-2161
2008-05-12 22:00:00
CVE-2018-10387
2019-12-23 22:45:39
nvd
nvd
CVE-2008-2161
2008-05-12 22:20:00
CVE-2018-10387
2019-12-23 23:15:11