Lucene search

K
saintSAINT CorporationSAINT:D5884AE22B3FB9B3B73C796D1DFC3552
HistoryDec 08, 2006 - 12:00 a.m.

3Com TFTP server Transporting Mode buffer overflow

2006-12-0800:00:00
SAINT Corporation
download.saintcorporation.com
22

EPSS

0.831

Percentile

98.5%

Added: 12/08/2006
CVE: CVE-2006-6183
BID: 21301
OSVDB: 30758

Background

3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows.

Problem

A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, specially crafted transporting mode in a GET or PUT request.

Resolution

Delete the 3Com TFTP server. It is no longer supported by the vendor.

References

<http://www.securityfocus.com/archive/1/452754&gt;

Limitations

Exploit works on 3Com TFTP server 2.0.1.

Platforms

Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003 SP0
Windows Server 2003 SP1 / Windows Server 2003

EPSS

0.831

Percentile

98.5%