Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1941 |
Message | TFTP GET filename overflow attempt |
Summary | This event is generated by an attempt to exploit a buffer overflow in TFTP file handling routines. |
Impact | Implementation Dependent. Several implementations of TFTP are vulnerable to a buffer overflow when processing long TFTP get requests. This could allow arbitrary code execution or result in a Denial of Service condition. |
Detailed Information | Insufficient bounds checking on requested filenames results in a simple to exploit buffer overflow condition. This condition can be exploited by making a request for an overly long file name. Affected Systems: Cisco IOS 11.1 Cisco IOS 11.2 Cisco IOS 11.3 ATFTP 0.6.0 and 0.6.1.1 |
Affected Systems | |
Attack Scenarios | Attackers with access to TFTP can exploit this condition remotely by requesting an overly long file name. |
Ease of Attack | |
Corrective Action | |
Additional References | |
Rule References | bugtraq: 5328 cve: 2002-0813 nessus: 18264 |
--
DID:487129
--
http://www.aanval.com/