Tftpd32 GET/PUT Command File Name Handling Overflow

medium Nessus Plugin ID 23650

Synopsis

The remote TFTP server is affected by a buffer overflow vulnerability.

Description

The remote host appears to be running Tftpd32, a tftpd server for Windows.

The version of Tftpd32 installed on the remote host appears to be affected by a buffer overflow vulnerability involving long filenames.
By leveraging this flaw, a remote attacker may be able to crash the server or to execute code on the affected host subject to the privileges under which the server operates, possibly SYSTEM since the application can be configured to run as a service.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/451951/30/0/threaded

Plugin Details

Severity: Medium

ID: 23650

File Name: tftpd32_filename_overflow.nasl

Version: 1.20

Type: remote

Agent: windows

Family: Windows

Published: 11/18/2006

Updated: 3/6/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: Services/udp/tftp, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/16/2006

Reference Information

CVE: CVE-2006-6141

BID: 21148