CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%
Added: 09/12/2008
CVE: CVE-2008-2161
BID: 29111
OSVDB: 44904
TFTP Server is an open source server implementation of the tftp protocol for multiple platforms.
A buffer overflow vulnerability in the handling of error packets allows remote attackers to execute arbitrary commands.
Upgrade to version 1.6 or higher when available, if that version contains a fix. Otherwise restrict access to the tftp service.
<http://www.milw0rm.com/exploits/5563>
Exploit works on TFTP Server SP 1.4.
A different payload is required depending upon whether the service runs as a network service or standalone. Choose the first platform if TFTP Server is running as a network service, and the second if it is running standalone.
Windows