Check Point Advisories

Update Protection against Tftpd32 Request Error Message Format String Vulnerability

Check Point Reference: CPAI-2006-027
Date Published: 26 Mar 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source:

FrSIRT/ADV-2006-0263

Industry Reference:CVE-2006-0328
Protection Provided by:
Who is Vulnerable? Tftpd32 version 2.81 and earlier versions
Vulnerability Description Tftpd32 is a freeware TFTP server designed for Microsoft Windows operating systems. A vulnerability has been identified in Tftpd32, specifically in the processing of Get requests containing a malformed filename. An attacker capable of sending a specially crafted filename can cause a vulnerable application to execute code or to crash.
Update/Patch AvaliableWe are not aware of any official patch for this issue.
Vulnerability DetailsThe flaw is due to a format string error when processing a specially crafted GET request containing a malformed filename.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK