Vulnerabilities > CVE-2007-1435 - Remote Buffer Overflow vulnerability in D-Link Tftp Server 1.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
d-link
critical
exploit available
metasploit
NVD
Published: 2007-03-13
Updated: 2008-11-13

Summary

Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
D-Link
1

Exploit-Db

  • descriptionD-Link TFTP 1.0 Transporting Mode Remote Buffer Overflow Vulnerability. CVE-2007-1435. Remote exploit for hardware platform
    idEDB-ID:29735
    last seen2016-02-03
    modified2007-03-12
    published2007-03-12
    reporterLSO
    sourcehttps://www.exploit-db.com/download/29735/
    titleD-Link TFTP 1.0 - Transporting Mode Remote Buffer Overflow Vulnerability
  • descriptionD-Link TFTP 1.0 Long Filename Buffer Overflow. CVE-2007-1435. Remote exploit for windows platform
    idEDB-ID:16345
    last seen2016-02-01
    modified2010-05-09
    published2010-05-09
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16345/
    titleD-Link TFTP 1.0 - Long Filename Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in D-Link TFTP 1.0. By sending a request for an overly long file name, an attacker could overflow a buffer and execute arbitrary code. For best results, use bind payloads with nonx (No NX).
idMSF:EXPLOIT/WINDOWS/TFTP/DLINK_LONG_FILENAME
last seen2020-03-10
modified2017-11-08
published2009-02-26
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1435
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/tftp/dlink_long_filename.rb
titleD-Link TFTP 1.0 Long Filename Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83123/dlink_long_filename.rb.txt
idPACKETSTORM:83123
last seen2016-12-05
published2009-11-26
reporterpatrick
sourcehttps://packetstormsecurity.com/files/83123/D-Link-TFTP-1.0-Long-Filename-Buffer-Overflow.html
titleD-Link TFTP 1.0 Long Filename Buffer Overflow

References