Check Point Advisories

Update Protection against TFTP Server Error Packet Handling Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-137
Date Published: 8 Aug 2008
Severity: High
Last Updated: Tuesday 12 August, 2008
Source: Secunia Advisory: SA30147
Industry Reference:CVE-2008-2161
Protection Provided by:
Who is Vulnerable? TFTP Server Project TFTP Server SP 1.4
Vulnerability Description A buffer overflow vulnerability has been reported in TFTP Server. The Trivial File Transfer Protocol (TFTP) is used for file transfer, allowing a remote user to download or upload files to the server. TFTP Server is an open source TFTP server service that facilitates the transfer of files to or from the server. A remote attacker may exploit this issue to execute arbitrary code on an affected system.
Vulnerability DetailsThe vulnerability is due to a flaw in the TFTP Server that fails to properly handle TFTP error packets with overly long error messages. To trigger this issue, a remote attacker can send a specially crafted TFTP error packet to a target host. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on the target system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.