DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service Vulnerability
From: vulnerabilityresearch@xxxxxxxxxxxxxxxxxx
Date: 3 Mar 2008 14:22:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Title
-----
DDIVRT-2008-09 PacketTrap PT360 Tool Suite TFTP Denial of Service

Severity
--------
Medium

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: princeofnigeria and r@b13$

Date Discovered
---------------
1/29/2008

Vulnerability Description
-------------------------
The default installation of the PacketTrap PT360 Tool Suite Version 1.1.33.1.0 
TFTP server component is susceptible to denial of service condition. A remote 
or local attacker can exploit this flaw by sending a specially crafted packet 
to the TFTP server. Successful exploitation of this flaw will cause the TFTP 
server process to crash.  The TFTP server will need to be restarted to resume 
normal TFTP server operations.

Solution Description
--------------------
PacketTrap Networks, Inc. released a patch (#3302) for this flaw on February 
29, 2008.  

Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 
1.1.33.1.0.  Other versions may be vulnerable.

Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/

Prev by Date: LayerOne 2008 Update
Next by Date: [ GLSA 200803-05 ] SplitVT: Privilege escalation
Previous by thread: LayerOne 2008 Update
Next by thread: [ GLSA 200803-05 ] SplitVT: Privilege escalation
Index(es):
- Date
- Thread