Futuresoft TFTP Server multiple vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Futuresoft TFTP Server multiple vulnerabilities
updated since 01.06.2005
Published: 18.07.2005
Source: SECUNIA
SecurityVulns ID: 4844
Type: remote
Level: 5/10
Description: Directory traversal, buffer overflow.

Affected: FUTURESOFT : TFTP Server 2000 1.0
CVE: CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.)
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name. NOTE: Some details are obtained from third party information.)
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.)

Original document SECUNIA, [SA15539] FutureSoft TFTP Server 2000 Directory Traversal and Buffer Overflows (01.06.2005)

Files: FutureSoft TFTP Server 2000 Remote SEH Overwrite Exploit
FutureSoft TFTP Server 2000 Remote Buffer Overflow Exploit (Metasploit)
Discuss: Read or add your comments to this news (0 comments)