Vulnerabilities > CVE-2006-4948 - Unspecified vulnerability in Prosysinfo Tftp Server Tftpdwin
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description TFTPDWIN v0.4.2 Long Filename Buffer Overflow. CVE-2006-4948. Remote exploit for windows platform id EDB-ID:16346 last seen 2016-02-01 modified 2010-04-30 published 2010-04-30 reporter metasploit source https://www.exploit-db.com/download/16346/ title TFTPDWIN 0.4.2 - Long Filename Buffer Overflow description ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit. CVE-2006-4948. Remote exploit for windows platform id EDB-ID:7452 last seen 2016-02-01 modified 2008-12-14 published 2008-12-14 reporter SkD source https://www.exploit-db.com/download/7452/ title ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BoF Exploit description TFTPDWIN 0.4.2 Remote Buffer Overflow Exploit. CVE-2006-4948. Remote exploit for windows platform id EDB-ID:3132 last seen 2016-01-31 modified 2007-01-15 published 2007-01-15 reporter Jacopo Cervini source https://www.exploit-db.com/download/3132/ title TFTPDWIN 0.4.2 - Remote Buffer Overflow Exploit
Metasploit
description | This module exploits the ProSysInfo TFTPDWIN threaded TFTP Server. By sending an overly long file name to the tftpd.exe server, the stack can be overwritten. |
id | MSF:EXPLOIT/WINDOWS/TFTP/TFTPDWIN_LONG_FILENAME |
last seen | 2020-06-13 |
modified | 2017-11-08 |
published | 2007-10-03 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4948 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/tftp/tftpdwin_long_filename.rb |
title | TFTPDWIN v0.4.2 Long Filename Buffer Overflow |
Packetstorm
data source | https://packetstormsecurity.com/files/download/83228/tftpdwin_long_filename.rb.txt |
id | PACKETSTORM:83228 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | patrick |
source | https://packetstormsecurity.com/files/83228/TFTPDWIN-v0.4.2-Long-Filename-Buffer-Overflow.html |
title | TFTPDWIN v0.4.2 Long Filename Buffer Overflow |
References
- http://secunia.com/advisories/21854
- http://secunia.com/advisories/21854
- http://www.osvdb.org/29032
- http://www.osvdb.org/29032
- http://www.securityfocus.com/bid/20131
- http://www.securityfocus.com/bid/20131
- http://www.vupen.com/english/advisories/2006/3731
- http://www.vupen.com/english/advisories/2006/3731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29075
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29075