TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability
From: liuqx@xxxxxxxxxxx
Date: 17 Nov 2006 02:02:28 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A vulnerability has been identified in TFTP Server TFTPD32 v3.01, which could 
be exploited by attackers to cause a denial of service. It was due to the title 
of the gauge window which was limited to 256 char --> not enough to store the 
file name and the client address. 
The user can download newly version of the tftp 
server(http://philippe.jounin.net/tftpd32_download.html)

Prev by Date: 20/20 real estate [ multiples injection sql ]
Next by Date: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
Previous by thread: 20/20 real estate [ multiples injection sql ]
Next by thread: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
Index(es):
- Date
- Thread