Vulnerabilities > CVE-2006-0328 - Remote Format String vulnerability in Philippe Jounin Tftpd32 2.81
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Tftpd32 2.81 (GET Request) Format String Denial of Service PoC. CVE-2006-0328. Dos exploit for windows platform |
id | EDB-ID:1424 |
last seen | 2016-01-31 |
modified | 2006-01-19 |
published | 2006-01-19 |
reporter | Critical Security |
source | https://www.exploit-db.com/download/1424/ |
title | Tftpd32 2.81 - GET Request Format String Denial of Service PoC |
Nessus
NASL family | Gain a shell remotely |
NASL id | TFTPD32_FORMAT_STRING.NASL |
description | The remote host appears to be running Tftpd32, a tftpd server for Windows. There is a format string vulnerability in versions of Tftpd32 up to and including 2.81 that may allow remote attackers to crash the server or to execute code on the affected host subject to the privileges under which the server operates, possibly SYSTEM since the application can be configured to run as a service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20755 |
published | 2006-01-20 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20755 |
title | Tftpd32 Error Message Format String |
References
- http://secunia.com/advisories/18539
- http://securityreason.com/securityalert/362
- http://www.critical.lt/?vulnerabilities/200
- http://www.critical.lt/research/tftpd32_281_dos.txt
- http://www.kb.cert.org/vuls/id/632633
- http://www.osvdb.org/22661
- http://www.securityfocus.com/archive/1/422405/100/0/threaded
- http://www.securityfocus.com/bid/16333
- http://www.vupen.com/english/advisories/2006/0263
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24250