TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability

2006.11.28

Credit: liuqx

Risk: Low

Local: Yes

Remote: Yes

CVE: CVE-2006-6141

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

A vulnerability has been identified in TFTP Server TFTPD32 v3.01, which could be exploited by attackers to cause a denial of service. It was due to the title of the gauge window which was limited to 256 char --> not enough to store the file name and the client address.
The user can download newly version of the tftp server(http://philippe.jounin.net/tftpd32_download.html)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.