Vulnerabilities > CVE-2006-4948 - Remote Buffer Overflow vulnerability in ProSysInfo TFTPDWIN

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
prosysinfo
exploit available
metasploit
NVD
Published: 2006-09-23
Updated: 2017-07-20

Summary

Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Prosysinfo
1

Exploit-Db

  • descriptionTFTPDWIN v0.4.2 Long Filename Buffer Overflow. CVE-2006-4948. Remote exploit for windows platform
    idEDB-ID:16346
    last seen2016-02-01
    modified2010-04-30
    published2010-04-30
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16346/
    titleTFTPDWIN 0.4.2 - Long Filename Buffer Overflow
  • descriptionProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit. CVE-2006-4948. Remote exploit for windows platform
    idEDB-ID:7452
    last seen2016-02-01
    modified2008-12-14
    published2008-12-14
    reporterSkD
    sourcehttps://www.exploit-db.com/download/7452/
    titleProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BoF Exploit
  • descriptionTFTPDWIN 0.4.2 Remote Buffer Overflow Exploit. CVE-2006-4948. Remote exploit for windows platform
    idEDB-ID:3132
    last seen2016-01-31
    modified2007-01-15
    published2007-01-15
    reporterJacopo Cervini
    sourcehttps://www.exploit-db.com/download/3132/
    titleTFTPDWIN 0.4.2 - Remote Buffer Overflow Exploit

Metasploit

descriptionThis module exploits the ProSysInfo TFTPDWIN threaded TFTP Server. By sending an overly long file name to the tftpd.exe server, the stack can be overwritten.
idMSF:EXPLOIT/WINDOWS/TFTP/TFTPDWIN_LONG_FILENAME
last seen2020-06-13
modified2017-11-08
published2007-10-03
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4948
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/tftp/tftpdwin_long_filename.rb
titleTFTPDWIN v0.4.2 Long Filename Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83228/tftpdwin_long_filename.rb.txt
idPACKETSTORM:83228
last seen2016-12-05
published2009-11-26
reporterpatrick
sourcehttps://packetstormsecurity.com/files/83228/TFTPDWIN-v0.4.2-Long-Filename-Buffer-Overflow.html
titleTFTPDWIN v0.4.2 Long Filename Buffer Overflow

References