Signature Detail
Short Name |
TFTP:OPERATION:FS-TFTP-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
TFTP |
Keywords |
FutureSoft TFTP Server 2000 Transfer-Mode Overflow |
Release Date |
2010/03/22 |
Update Number |
1636 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
TFTP: FutureSoft TFTP Server 2000 Transfer-Mode Overflow
This signature detects attempts to exploit a known vulnerability against FutureSoft TFTP Server. Attackers can retrieve arbitrary files and execute remote code. The foundation for this signature is from the specifics of a Metasploit attack.
Extended Description
FutureSoft TFTP Server 2000 is affected by multiple remote vulnerabilities. Exploiting these issues can allow an attacker to retrieve arbitrary files and carry out buffer-overflow attacks. The following specific issues were identified: - Multiple buffer overflow vulnerabilities. A successful attack may allow the attacker to execute arbitrary code on a vulnerable computer and gain unauthorized access in the context of the server. A denial-of-service condition may arise as well. - A directory-traversal vulnerability. A successful attack may allow the attacker to access arbitrary files (if the server has permissions to access the file). These issues have been confirmed on TFTP Server 2000 Evaluation Version 1.0.0.1. Other versions may be affected as well.
Affected Products
- FutureSoft TFTP Server 2000 1.0.0 .0.1
References
- BugTraq: 13821
- CVE: CVE-2005-1812