Check Point Advisories

3Com TFTP Server Transporting Mode Remote Buffer Overflow (CVE-2006-6183)

Vulnerability
Protection

Check Point Reference:	CPAI-2007-014
Date Published:	15 Jan 2007
Severity:	Medium
Last Updated:	Tuesday 15 November, 2011
Source:
Industry Reference:	CVE-2006-6183
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description	Trivial File Transfer Protocol (TFTP) is a protocol used for transferringfiles, allowing remote users to download and upload files to the server. TheTFTP server communicates with clients over UDP port 69. 3Com TFTP Server is a TFTP server service used for easier transfer of filesto or from the server. A remote attacker may send a specially crafted TFTP request packet to avulnerable server. This may allow the attacker to create a denial of servicecondition or execute arbitrary code on an affected system. Any codeexecution will be within the context of the running service, normally"System".

Protection Overview

This protection will block malformed TFTP requests.The detect mode makes it possible to track unauthorized traffic without blocking it.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

In the IPS tab, click Protections and find the 3Com TFTP Server Transporting Mode Remote Buffer Overflow protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: TFTP Enforcement Violation.
Attack Information: 3Com TFTP server transporting mode remote buffer overflow