OpenTFTP Server Read Request Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is running OpenTFTP Server and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to cause denial of service attacks.

Solution

Upgrade to OpenTFTP Server SP version 1.5 or later For updates refer to http://sourceforge.net/projects/tftp-server/

Insight

The flaw is due to a boundary error in the handling of filenames and can be exploited to cause a stack-based buffer overflow via a read request with an overly long filename.

Affected

OpenTFTP Server SP version 1.4

References

http://packetstormsecurity.org/files/108546/tftprrq-overflow.txt
http://secunia.com/advisories/29508
http://securityreason.com/securityalert/8552
http://www.exploit-db.com/exploits/18345/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

DesignWorks Professional '.cct' File BOF Vulnerability
Apple QuickTime Multiple Vulnerabilities - Sep09
Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)

Take action and discover your vulnerabilities