Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1941 |
| Message | TFTP GET filename overflow attempt |
| Summary | This event is generated by an attempt to exploit a buffer overflow in TFTP file handling routines. |
| Impact | Implementation Dependent. Several implementations of TFTP are vulnerable to a buffer overflow when processing long TFTP get requests. This could allow arbitrary code execution or result in a Denial of Service condition. |
| Detailed Information | Insufficient bounds checking on requested filenames results in a simple to exploit buffer overflow condition. This condition can be exploited by making a request for an overly long file name. Affected Systems: Cisco IOS 11.1 Cisco IOS 11.2 Cisco IOS 11.3 ATFTP 0.6.0 and 0.6.1.1 |
| Affected Systems | |
| Attack Scenarios | Attackers with access to TFTP can exploit this condition remotely by requesting an overly long file name. |
| Ease of Attack | |
| Corrective Action | |
| Additional References | |
| Rule References | bugtraq: 5328 cve: 2002-0813 nessus: 18264 |
--
DID:487129
--
http://www.aanval.com/