GFI LANguard - Vulnerability scanning and patch management. Download a free trial!

Main Menu

Free Services

Critical Alerts

- 28 May 2008

Adobe Flash Player Unspecified Remote Code Execution Vulnerability

 

- 11 Mar 2008

Microsoft Excel Multiple Remote Code Execution Vulnerabilities

 

- 16 Jan 2008

Microsoft Excel File Handling Remote Arbitrary Code Execution Vulnerability

 

- 13 Dec 2007

JustSystems Ichitaro "JSGCI.DLL" Document Processing Remote Buffer Overflow Vulnerability

 

- 11 Dec 2007

Microsoft Internet Explorer Multiple Remote Memory Corruption Vulnerabilities

 

Advisories » TFTP Server SP Long Error Message Remote Buffer Overflow Vulnerability

 

Release Date: 09/05/2008 Severity: Moderately Critical Moderately Critical
SecWatch Advisory: SWID1021138 Cause: Boundary error
Solution Status: Unpatched Impact: Denial of service
Execution of arbitrary code
Exploit Status: None Available Access Vector: From local network
 
Affected Software: TFTP Server SP 1.x
 
References: http://milw0rm.com/exploits/5563
FrSIRT/ADV-2008-1468
Secunia: SA30147
Bugtraq ID: BID#29111

 

Description:

A vulnerability in TFTP Server SP has been reported, which can be exploited by local network users to trigger denial of service conditions or compromise a vulnerable system.

A boundary error exists when handling overly long error messages, which can be exploited to cause a BSS-based or stack-based buffer overflow and execute arbitrary code.

 

Affected:

TFTP Server SP for Windows version 1.4 and 1.5. Other versions may also be affected.

 

Solution:

There was no vendor-supplied solution at the time of entry.

 

Credits:

tixxDZ

 

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.

 

Related Vulnerabilities and Exploits

27 Mar 08: TFTP Server SP Long Filename Handling Remote Buffer Overflow Vuln..