1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: TFTP Server CVE-2008-1611

Attack: TFTP Server CVE-2008-1611

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in TFTP Server 1.4 which may result in remote code execution.

Additional Information

TFTP Server is a multithreaded Trivial File Transfer Protocol (TFTP) server.

The application is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before storing it in a finite-sized memory buffer. The vulnerability occurs when the application handles specially crafted packets to TCP port 69.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • TFTP Server 1.4 running on Windows is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube