AT-TFTP Server v1.8 Remote Denial of Service Vulnerability
SecPod Technologies (www.secpod.com) Author: Antu Sanadi
SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released
Class: Denial of Service Severity: High
AT-TFTP Server v1.8 is prone to a remote Denial of Service vulnerability as it fails to handle 'read' requests from the client properly.
The vulnerability is caused by an error in the "TFTPD.EXE" which causes the server to crash when no acknowledgement response is sent back to the server after a successful 'read'.
Successful exploitation could allow an attacker to crash a vulnerable server.
AT-TFTP Server version 1.8
Tested on, AT-TFTP Server version 1.8 on Windows XP SP3
http://secpod.org/blog/?p=194 http://www.alliedtelesis.co.nz/ http://secpod.org/SecPod_AT_TFTP_DoS-POC.py http://secpod.org/advisories/SecPod_AT_TFTP_DoS.txt
CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = LOW AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = NONE AVAILABILITY_IMPACT = COMPLETE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability.