###############################################################################
AT-TFTP Server v1.8 Remote Denial of Service Vulnerability
SecPod Technologies (www.secpod.com)
Author: Antu Sanadi
###############################################################################
SecPod ID: 1013

Disclosure Timeline:
01/04/2011 Issue Discovered
04/04/2011 Vendor Notified
           No Response from the Vendor
25/04/2011 Advisory Released
Class: Denial of Service
Severity: High
Description:
AT-TFTP Server v1.8 is prone to a remote Denial of Service vulnerability
because it fails to handle 'read' requests from the client properly.
The vulnerability is caused by an error in "TFTPD.EXE": after a successful
'read', the server crashes if the client never sends back an acknowledgement
(ACK) for the data it received.
Successful exploitation could allow a remote, unauthenticated attacker to crash
a vulnerable server.
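The failure mode above is a TFTP server that does not bound its wait for the client's ACK. The following Python sketch is added here as an editorial illustration; it is not SecPod's proof of concept and not code from the Allied Telesis product. It implements the server side of an RFC 1350 read transfer with that bound in place: after each DATA block the session waits ACK_TIMEOUT seconds, retransmits at most MAX_RETRANSMITS times, and then discards the session instead of hanging or crashing. The timeout and retry constants, the ReadSession class and the simulate() driver with its fake clock are assumptions made so the logic can be exercised offline without sockets.

```python
import struct

OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK_SIZE = 512          # fixed block size from RFC 1350
MAX_RETRANSMITS = 3       # assumed policy: give up after this many unanswered resends
ACK_TIMEOUT = 2.0         # assumed per-block wait for an ACK, in seconds


def parse_rrq(packet: bytes):
    """Parse an RRQ (opcode 1 | filename NUL | mode NUL). Returns (filename, mode) or None."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        return None
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None
    return (fields[0].decode("ascii", "replace"),
            fields[1].decode("ascii", "replace").lower())


def build_data(block: int, payload: bytes) -> bytes:
    """DATA packet: opcode 3 | block number | up to 512 bytes of payload."""
    return struct.pack("!HH", OP_DATA, block & 0xFFFF) + payload


def parse_ack(packet: bytes):
    """Return the acknowledged block number, or None if this is not a well-formed ACK."""
    if len(packet) != 4:
        return None
    opcode, block = struct.unpack("!HH", packet)
    return block if opcode == OP_ACK else None


class ReadSession:
    """Server-side state for one read transfer; every wait for an ACK is bounded."""

    def __init__(self, data: bytes, now: float):
        self.data = data
        self.block = 1
        self.retransmits = 0
        self.sent_packets = 0
        self.deadline = now + ACK_TIMEOUT
        self.state = "active"          # active | complete | aborted

    def _payload(self) -> bytes:
        start = (self.block - 1) * BLOCK_SIZE
        return self.data[start:start + BLOCK_SIZE]

    def current_data(self) -> bytes:
        """The DATA packet for the current block (counted as one send)."""
        self.sent_packets += 1
        return build_data(self.block, self._payload())

    def on_ack(self, packet: bytes, now: float) -> None:
        """Advance on the expected ACK; stale or malformed ACKs are ignored, never fatal."""
        if self.state != "active" or parse_ack(packet) != self.block:
            return
        if len(self._payload()) < BLOCK_SIZE:
            self.state = "complete"    # the short final block was acknowledged
            return
        self.block += 1
        self.retransmits = 0
        self.deadline = now + ACK_TIMEOUT

    def on_tick(self, now: float):
        """Called by the server loop. Returns a DATA packet to resend, or None."""
        if self.state != "active" or now < self.deadline:
            return None
        if self.retransmits >= MAX_RETRANSMITS:
            self.state = "aborted"     # client went silent: free the session
            return None
        self.retransmits += 1
        self.deadline = now + ACK_TIMEOUT
        return self.current_data()


def simulate(file_bytes: bytes, acked_blocks):
    """Drive one session with a fake clock; the client ACKs only blocks in acked_blocks.

    Returns (final state, number of DATA packets sent)."""
    now = 0.0
    session = ReadSession(file_bytes, now)
    outgoing = [session.current_data()]
    while session.state == "active":
        pkt = outgoing.pop()
        _, block = struct.unpack("!HH", pkt[:4])
        if block in acked_blocks:
            session.on_ack(struct.pack("!HH", OP_ACK, block), now)
            if session.state == "active":
                outgoing.append(session.current_data())
            continue
        now += ACK_TIMEOUT                 # client stays silent: time passes
        resend = session.on_tick(now)
        if resend is not None:
            outgoing.append(resend)
    return session.state, session.sent_packets


if __name__ == "__main__":
    demo = b"A" * 1000                     # constructed 1000-byte file: two blocks
    print(simulate(demo, {1, 2}))          # ('complete', 2)
    print(simulate(demo, set()))           # ('aborted', 4): 1 send + 3 resends, then dropped
```

The important property is in on_tick(): a client that never acknowledges costs the server a bounded number of resends and one discarded session object, and on_ack() treats an unexpected ACK as noise rather than as an error path. A real server would additionally send an ERROR packet before dropping the session and would run one such state machine per client transfer ID.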
Affected Versions:
AT-TFTP Server version 1.8

Tested on:
AT-TFTP Server version 1.8 on Windows XP SP3
References:
http://secpod.org/blog/?p=194
http://www.alliedtelesis.co.nz/
http://secpod.org/SecPod_AT_TFTP_DoS-POC.py
http://secpod.org/advisories/SecPod_AT_TFTP_DoS.txt
Solution:
Not available
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = LOW
AUTHENTICATION = NONE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = NONE
AVAILABILITY_IMPACT = COMPLETE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 7.8 (High) (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Credits:
Antu Sanadi of SecPod Technologies has been credited with the discovery of this
vulnerability.