Lucene search

SAINT CorporationSAINT:F97C8D013B1E9EBE6790B5AB21D4269F

HistorySep 12, 2008 - 12:00 a.m.

TFTP Server error packet buffer overflow

2008-09-1200:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.638

Percentile

97.9%

JSON

Added: 09/12/2008
CVE: CVE-2008-2161
BID: 29111
OSVDB: 44904

Background

TFTP Server is an open source server implementation of the tftp protocol for multiple platforms.

Problem

A buffer overflow vulnerability in the handling of error packets allows remote attackers to execute arbitrary commands.

Resolution

Upgrade to version 1.6 or higher when available, if that version contains a fix. Otherwise restrict access to the tftp service.

References

<http://www.milw0rm.com/exploits/5563>

Limitations

Exploit works on TFTP Server SP 1.4.

A different payload is required depending upon whether the service runs as a network service or standalone. Choose the first platform if TFTP Server is running as a network service, and the second if it is running standalone.

Platforms

Windows

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.638

Percentile

97.9%

JSON

Related for SAINT:F97C8D013B1E9EBE6790B5AB21D4269F