SAINT Corporation
SAINT:A60F3DBC5FC16126618E616B3391ACE4
Sep 12, 2008 - 12:00 a.m.

TFTP Server error packet buffer overflow

my.saintcorporation.com

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.638 Medium
Percentile: 97.9%

Added: 09/12/2008
CVE: CVE-2008-2161
BID: 29111
OSVDB: 44904

Background

TFTP Server is an open source server implementation of the TFTP protocol for multiple platforms.

Problem

A buffer overflow vulnerability in the handling of error packets allows remote attackers to execute arbitrary commands.
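
As an added illustration (not code from TFTP Server or from SAINT), the sketch below shows the kind of length check whose absence produces this class of bug when an error packet is parsed. The packet layout follows RFC 1350; the 128-byte limit `ERRMSG_MAX`, the helper names and the sample datagrams are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TFTP_OP_ERROR 5   /* RFC 1350: opcode(2) | error code(2) | ErrMsg | NUL */
#define ERRMSG_MAX    128 /* assumed local limit, not taken from the advisory */
struct tftp_error { uint16_t code; char msg[ERRMSG_MAX]; };

/* 0 = parsed, -1 = malformed or not an ERROR packet, -2 = ErrMsg too long. */
int parse_tftp_error(const uint8_t *pkt, size_t len, struct tftp_error *out)
{
    if (pkt == NULL || out == NULL || len < 5) return -1; /* header + NUL */
    if (((pkt[0] << 8) | pkt[1]) != TFTP_OP_ERROR) return -1;
    const uint8_t *msg = pkt + 4;
    /* Search only inside the datagram: never trust the sender to terminate. */
    const uint8_t *nul = memchr(msg, 0, len - 4);
    if (nul == NULL)
        return -1;
    size_t msglen = (size_t)(nul - msg);
    if (msglen >= sizeof out->msg)
        return -2;            /* reject rather than copy past the buffer */
    out->code = (uint16_t)((pkt[2] << 8) | pkt[3]);
    memcpy(out->msg, msg, msglen);
    out->msg[msglen] = '\0';
    return 0;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {0, 5, 0, 1, 'n', 'o', ' ', 'f', 'i', 'l', 'e', 0};
static const uint8_t SAMPLE_UNTERMINATED[] = {0, 5, 0, 1, 'A', 'A', 'A'};
static struct tftp_error parsed;

/* Builds an ERROR packet whose ErrMsg is msglen bytes long and parses it. */
int parse_with_msglen(size_t msglen)
{
    uint8_t pkt[4 + 512 + 1] = {0, 5, 0, 4};
    if (msglen > 512) return -1;
    memset(pkt + 4, 'A', msglen);   /* pkt[4 + msglen] stays NUL */
    return parse_tftp_error(pkt, 4 + msglen + 1, &parsed);
}

int main(void)
{
    int ok = parse_tftp_error(SAMPLE_OK, sizeof SAMPLE_OK, &parsed);
    int bad = parse_tftp_error(SAMPLE_UNTERMINATED, sizeof SAMPLE_UNTERMINATED, &parsed);
    printf("ok=%d unterminated=%d oversized=%d\n", ok, bad, parse_with_msglen(200));
    return 0;
}
```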

Resolution

Upgrade to version 1.6 or higher when available, if that version contains a fix. Otherwise, restrict access to the TFTP service.

References

<http://www.milw0rm.com/exploits/5563>

Limitations

Exploit works on TFTP Server SP 1.4.

A different payload is required depending upon whether the service runs as a network service or standalone. Choose the first platform if TFTP Server is running as a network service, and the second if it is running standalone.

Platforms

Windows
