AT-TFTP Server Remote Denial of Service Vulnerability

2011-04-26T00:00:00
ID SECURITYVULNS:DOC:26211
Type securityvulns
Reporter Securityvulns
Modified 2011-04-26T00:00:00

Description

AT-TFTP Server v1.8 Remote Denial of Service Vulnerability

SecPod Technologies (www.secpod.com) Author: Antu Sanadi

SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released

Class: Denial of Service Severity: High

Overview:

AT-TFTP Server v1.8 is prone to a remote Denial of Service vulnerability as it fails to handle 'read' requests from the client properly.

Technical Description:

The vulnerability is caused by an error in the "TFTPD.EXE" which causes the server to crash when no acknowledgement response is sent back to the server after a successful 'read'.

Impact:

Successful exploitation could allow an attacker to crash a vulnerable server.

Affected Software:

AT-TFTP Server version 1.8

Tested on, AT-TFTP Server version 1.8 on Windows XP SP3

References:

http://secpod.org/blog/?p=194 http://www.alliedtelesis.co.nz/ http://secpod.org/SecPod_AT_TFTP_DoS-POC.py http://secpod.org/advisories/SecPod_AT_TFTP_DoS.txt

Proof of Concept:

http://secpod.org/blog/?p=194 http://secpod.org/SecPod_AT_TFTP_DoS-POC.py

Solution:

Not available

Risk Factor:

CVSS Score Report: 
    ACCESS_VECTOR          = NETWORK
    ACCESS_COMPLEXITY      = LOW
    AUTHENTICATION         = NONE
    CONFIDENTIALITY_IMPACT = NONE
    INTEGRITY_IMPACT       = NONE
    AVAILABILITY_IMPACT    = COMPLETE
    EXPLOITABILITY         = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL      = UNAVAILABLE
    REPORT_CONFIDENCE      = CONFIRMED
    CVSS Base Score        = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Credits:

Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability.