Tftpd32 Error Message Format String

Medium Nessus Plugin ID 20755


The remote tftp server is affected by a format string vulnerability.


The remote host appears to be running Tftpd32, a tftpd server for Windows.

There is a format string vulnerability in versions of Tftpd32 up to and including 2.81 that may allow remote attackers to crash the server or to execute code on the affected host subject to the privileges under which the server operates, possibly SYSTEM since the application can be configured to run as a service.


Unknown at this time.

See Also

Plugin Details

Severity: Medium

ID: 20755

File Name: tftpd32_format_string.nasl

Version: $Revision: 1.18 $

Type: remote

Published: 2006/01/20

Modified: 2014/05/26

Dependencies: 11819

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:U/RC:ND

Vulnerability Information

Required KB Items: Services/udp/tftp, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/01/19

Reference Information

CVE: CVE-2006-0328

BID: 16333

OSVDB: 22661