Tftpd32 Error Message Format String

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote tftp server is affected by a format string vulnerability.

Description :

The remote host appears to be running Tftpd32, a tftpd server for
Windows.

There is a format string vulnerability in versions of Tftpd32 up to
and including 2.81 that may allow remote attackers to crash the server
or to execute code on the affected host subject to the privileges
under which the server operates, possibly SYSTEM since the application
can be configured to run as a service.

See also :

http://www.critical.lt/?vulnerabilities/200
http://www.securityfocus.com/archive/1/422405/30/0/threaded

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.5
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 20755 ()

Bugtraq ID: 16333

CVE ID: CVE-2006-0328

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial