Update Protection against TFTP Server Error Packet Handling Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-137 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA30147 | |
| Industry Reference(s): | CVE-2008-2161 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? TFTP Server Project TFTP Server SP 1.4 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in TFTP Server. The Trivial File Transfer Protocol (TFTP) is used for file transfer, allowing a remote user to download or upload files to the server. TFTP Server is an open source TFTP server service that facilitates the transfer of files to or from the server. A remote attacker may exploit this issue to execute arbitrary code on an affected system. |
||
|
Vulnerability Details The vulnerability is due to a flaw in the TFTP Server that fails to properly handle TFTP error packets with overly long error messages. To trigger this issue, a remote attacker can send a specially crafted TFTP error packet to a target host. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on the target system. |
Protection Overview
By enabling this protection, IPS-1 will detect and block TFTP requests with overly long error messages.
In order for the protection to be activated, update your product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.