TFTPD32 Request Error Message Format String Vulnerability Network Vulnerability

Summary

This host is running TFTPD32 and is prone to format string vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service. Impact Level: Application

Solution

Upgrade to Tftpd32 version 2.8.2 or later, For updates refer to http://tftpd32.jounin.net/

Insight

The flaw is due to a format string error when the filename received in a TFTP request is used to construct an error message. This can be exploited to crash the application via a TFTP request packet containing a specially crafted filename.

Affected

Tftpd32 version 2.81

References

http://secunia.com/advisories/18539
http://www.exploit-db.com/exploits/1424
http://www.kb.cert.org/vuls/id/632633
http://www.osvdb.org/22661
http://www.securityfocus.com/archive/1/422405
http://xforce.iss.net/xforce/xfdb/24250

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-0328
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV 'parseicon()' Denial Of Service Vulnerability
ejabberd XML Parsing Denial of Service Vulnerability (Windows)
Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
DB2 discovery service DOS

Take action and discover your vulnerabilities