TFTPD32 Request Error Message Format String Vulnerability Network Vulnerability

Summary

This host is running TFTPD32 and is prone to format string vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service. Impact Level: Application

Solution

Upgrade to Tftpd32 version 2.8.2 or later, For updates refer to http://tftpd32.jounin.net/

Insight

The flaw is due to a format string error when the filename received in a TFTP request is used to construct an error message. This can be exploited to crash the application via a TFTP request packet containing a specially crafted filename.

Affected

Tftpd32 version 2.81

References

http://secunia.com/advisories/18539
http://www.exploit-db.com/exploits/1424
http://www.kb.cert.org/vuls/id/632633
http://www.osvdb.org/22661
http://www.securityfocus.com/archive/1/422405
http://xforce.iss.net/xforce/xfdb/24250

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-0328

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Comodo Internet Security Denial of Service Vulnerability-02
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Win
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
Apache Tomcat Content-Type Header Denial Of Service Vulnerability
Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities