| VID | 12077 |
| Severity | 40 |
| Port | 69 |
| Protocol | UDP |
| Class | TFTP |
| Detailed Description | The TFTP server is vulnerable to a denial of service attack via a long file name. Trivial File Transfer Protocol (TFTP) is a protocol that allows for easy transfer of files without requiring authentication between network-connected devices. Some TFTP servers are vulnerable to a denial of service attack, caused by a buffer overflow. By sending a Read Request (RRQ) containing a file name of 1000 or more characters to the TFTP server, a remote attacker could cause the affected server to crash.
* References: http://www.securityfocus.com/archive/1/401818, http://secunia.com/advisories/15539/, http://www.security.org.sg/vuln/tftp2000-1001.html
* Platforms Affected: Any TFTP server, any version; any operating system, any version |
| Recommendation | Consider disabling the affected TFTP server if it is not required. Otherwise, contact your vendor for upgrade or patch information. |
| Related URL | CVE-2005-1812 (CVE) |
| Related URL | 13821,13908 (SecurityFocus) |
| Related URL | 20837 (ISS) |
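
An added example, not part of the original entry or any scanner's own check: a passive detector that parses UDP port 69 payloads as RFC 1350 requests and flags Read Requests whose file name reaches the 1000-character length cited in the description. The function names, verdict strings and sample payloads are constructed for illustration.

```python
import struct

RRQ = 1                      # TFTP Read Request opcode (RFC 1350)
LONG_NAME_THRESHOLD = 1000   # file name length cited in the description above


def parse_rrq(payload: bytes):
    """Return (filename, mode) for an RRQ payload, None for any other packet.

    Raises ValueError when an RRQ does not follow the RFC 1350 layout:
    2-byte opcode, file name, NUL, mode, NUL (RFC 2347 options may follow).
    """
    if len(payload) < 2:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != RRQ:
        return None
    fields = payload[2:].split(b"\x00")
    # A well-formed request ends with NUL, so the last split piece is empty.
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("RRQ fields are not NUL-terminated")
    return fields[0], fields[1]


def classify(payload: bytes) -> str:
    """Map one UDP/69 payload to a verdict a sensor could alert on."""
    try:
        parsed = parse_rrq(payload)
    except ValueError:
        return "malformed-rrq"        # unterminated name or mode: alert
    if parsed is None:
        return "not-rrq"
    filename, _mode = parsed
    if len(filename) >= LONG_NAME_THRESHOLD:
        return "overlong-filename"    # matches the condition in this entry
    return "ok"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "normal": b"\x00\x01boot/pxelinux.0\x00octet\x00",
    "with_option": b"\x00\x01config.bin\x00octet\x00blksize\x001024\x00",
    "long_name": b"\x00\x01" + b"A" * 1000 + b"\x00octet\x00",
    "unterminated": b"\x00\x01" + b"A" * 1200,
    "write_request": b"\x00\x02upload.bin\x00octet\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:14s} {len(data):5d} bytes -> {classify(data)}")
```

Both `overlong-filename` and `malformed-rrq` are worth alerting on for traffic to a TFTP server that cannot be disabled or patched as the recommendation suggests.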