Summary
This host is running TFTPD32 and is prone to a format string vulnerability.
Impact
Successful exploitation allows an attacker to cause a denial of service.
Impact Level: Application
Solution
Upgrade to Tftpd32 version 2.8.2 or later.
For updates, refer to http://tftpd32.jounin.net/
Insight
The flaw is due to a format string error when the filename received in a TFTP request is used to construct an error message. This can be exploited to crash the application via a TFTP request packet containing a specially crafted filename.
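The bug class described above, as an added C example that is not Tftpd32's code and not part of the original advisory: a received filename is placed into an error message with a constant format string, and names containing `%` are flagged for logging or rejection. The function names, the error-message wording and the sample packet are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: TFTP read request (opcode 1), a filename containing a
 * printf conversion, and the transfer mode. Not a captured packet. */
static const unsigned char sample_rrq[] = {
    0, 1, 'b', 'o', 'o', 't', '%', 's', '.', 'b', 'i', 'n', 0,
    'o', 'c', 't', 'e', 't', 0
};

/* Return the filename of an RRQ/WRQ packet, or NULL if the packet is too
 * short, has another opcode, or the name is not NUL-terminated in bounds. */
const char *tftp_filename(const unsigned char *pkt, size_t len)
{
    if (len < 4 || pkt[0] != 0 || (pkt[1] != 1 && pkt[1] != 2))
        return NULL;
    if (memchr(pkt + 2, '\0', len - 2) == NULL)
        return NULL;
    return (const char *)(pkt + 2);
}

/* Flag names carrying '%' so a server or sensor can log or reject them. */
int has_format_directive(const char *name)
{
    return strchr(name, '%') != NULL;
}

/* Flawed pattern (kept as a comment): the received name is the format string,
 * so any conversions in it are interpreted by the formatter:
 *     snprintf(out, outlen, name);
 * Corrected pattern: constant format string, the name is only an argument. */
int build_error_msg(char *out, size_t outlen, const char *name)
{
    return snprintf(out, outlen, "File <%s> not found", name);
}

int main(void)
{
    char msg[128];
    const char *name = tftp_filename(sample_rrq, sizeof sample_rrq);
    if (name == NULL)
        return 1;
    build_error_msg(msg, sizeof msg, name);
    printf("suspicious=%d msg=%s\n", has_format_directive(name), msg);
    return 0;
}
```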
Affected
Tftpd32 version 2.81
Severity
Classification
- CVE: CVE-2006-0328
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)