TFTPUtil GUI TFTP Server Denial of Service Vulnerability
[--Vulnerability Summary--]
Title: TFTPUtil GUI TFTP Server Denial of Service Vulnerability
Product: TFTPUtil GUI
Discovered: November 26, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)
Vendor: k23productions (as per various download sites)
Vendor URL: http://sourceforge.net/projects/tftputil
Vendor notification date: December 1, 2008
Vendor response date: December 8, 2008
Vendor acknowledgment: December 8, 2008
Vendor provided fix: December 8, 2008
Release coordinated with the vendor: --
Public disclosure date: January 14, 2009
Affects: TFTPUtil GUI versions 1.2.0 and 1.3.0
Fixed in: 1.4.0
Risk: High
Vulnerability Description: TFTPUtil GUI versions 1.2.0 and 1.3.0 are vulnerable
to a remote denial-of-service vulnerability because it fails to handle
user-supplied input. Sending a specially crafted TFTP request with a overlong
filename will cause the application to become unstable and stop responding.
Impact: A remote or local attacker can exploit this flaw by sending a specially
crafted packet to the TFTP server. Successful exploitation of this flaw will
cause the TFTP server process to crash preventing valid users or devices from
using the service. The TFTP server will need to be restarted to resume normal
TFTP server operations.
Keywords: security, vulnerability, tftp, dos, princeofnigeria, gui, windows,
server, denial, service
[--Background--]
Type of vulnerability: Input validation flaw
Who can exploit it: Local or Remote users
TFTPUtil GUI is an application that provides services for transferring
configuration files, firmware files and other types of data using the TFTP
protocol. The application should validate and sanitize all user input to
prevent unexpected conditions.
Vulnerability Scope: The default installation of TFTPUtil 1.20. or 1.3.0 will
allow exploitation of this vulnerability.
[--More Details--]
Exploitation of this flaw is trivial and can be executed using any RFC 1350
compliant TFTP client software. No exploit code is required.
[--Fix or Workaround Information--]
Patch availability: 1.4.0
Vendor provided fix: 1.4.0
Workarounds: Upgrade to version 1.4.0 addresses this vulnerability
[--Disclosure Policy--]
PrinceofNigeria.org Vulnerability Disclosure Policy
http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy/?blog=1
[--Disclosure History--]
Public disclosure date: January 14, 2009
[--References--]
CVE-ID:
Bugtraq ID:
Secunia ID:
OSVDB ID:
[--Author--]
Rob Kraus, princeofnigeria (PoN)
Website: www.princeofnigeria.org/blogs