| VID |
12078 |
| Severity |
40 |
| Port |
69 |
| Protocol |
UDP |
| Class |
TFTP |
| Detailed Description |
The TFTP server is vulnerable to a denial of service attack via an overly long file name. Trivial File Transfer Protocol (TFTP) is a protocol that allows for easy transfer of files between network-connected devices without requiring authentication. Some TFTP servers are vulnerable to a denial of service attack caused by a buffer overflow. By sending a Read Request (RRQ) containing a file name of 1000 or more characters to the TFTP server, a remote attacker could cause the affected server to crash.
* References:
  * http://archives.neohapsis.com/archives/bugtraq/2002-07/0352.html
  * http://archives.neohapsis.com/archives/bugtraq/2003-06/0056.html
  * http://archives.neohapsis.com/archives/bugtraq/2003-06/0032.html
  * http://www.debian.org/security/2003/dsa-314
  * http://www.linuxsecurity.com/content/view/105077/104/
  * http://www.securiteam.com/exploits/5ZP0E0AAAU.html
  * http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
  * http://www.phenoelit.de/stuff/Cisco_tftp.txt
* Platforms Affected: Any TFTP server, any version; any operating system, any version |
| Recommendation |
Consider disabling the affected TFTP server if it is not required. Otherwise, contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2002-0813,CVE-2003-0380 (CVE) |
| Related URL |
401,5328,7819 (SecurityFocus) |
| Related URL |
9700,12192 (ISS) |