Detections
Analytics
Tftpd32 GET/PUT Command File Name Handling Overflow
medium Nessus Plugin ID 23650
Language:
Synopsis
The remote TFTP server is affected by a buffer overflow vulnerability.Description
The remote host appears to be running Tftpd32, a tftpd server for Windows.The version of Tftpd32 installed on the remote host appears to be affected by a buffer overflow vulnerability involving long filenames.
By leveraging this flaw, a remote attacker may be able to crash the server or to execute code on the affected host subject to the privileges under which the server operates, possibly SYSTEM since the application can be configured to run as a service.
Solution
Unknown at this time.See Also
https://www.securityfocus.com/archive/1/451951/30/0/threaded
Plugin Details
Severity: Medium
ID: 23650
File Name: tftpd32_filename_overflow.nasl
Version: 1.20
Type: remote
Agent: windows
Family: Windows
Published: 11/18/2006
Updated: 3/6/2019
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
Required KB Items: Settings/ParanoidReport, Services/udp/tftp
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 11/16/2006
Reference Information
CVE: CVE-2006-6141
BID: 21148