TFTP.Filename.Format.String

Release Date

Feb 26, 2007

Severity

medium

Impact

Denial of service

Description

A format string vulnerability has been identified in TFTPD32. The flaw is triggered when the server processes a specially crafted GET request containing a malformed filename. Attackers could exploit it to crash a vulnerable application (denial of service) and possibly execute arbitrary commands or code.
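As an added illustration of what coverage for this class of request looks for (example code written for this page, not the vendor's signature and not TFTPD32 code), the sketch below parses a TFTP read request as laid out in RFC 1350 and flags printf-style conversion specifiers in the filename field. The function name, verdict strings and both sample datagrams are constructed for the example.

```python
import re
import struct

RRQ = 1  # RFC 1350 opcode for a read request, i.e. what a client "get" sends

# printf-style conversion: % [flags] [width] [.precision] [length] conversion
FORMAT_SPEC = re.compile(
    rb"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGaAcspn]"
)

def inspect_datagram(datagram):
    """Return (verdict, specifiers) for one UDP payload sent to a TFTP server."""
    if len(datagram) < 2:
        return ("malformed", [])
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode != RRQ:
        return ("ignored", [])  # only the read-request path is in scope here
    # Layout after the opcode: filename NUL mode NUL [RFC 2347 options ...]
    fields = datagram[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        return ("malformed", [])  # missing terminator or empty filename
    filename = fields[0]
    # "%%" is a literal percent sign in printf syntax, so drop it first.
    hits = FORMAT_SPEC.findall(filename.replace(b"%%", b""))
    return ("alert", hits) if hits else ("ok", [])

# Constructed sample payloads (not captured traffic).
BENIGN = b"\x00\x01boot/pxelinux.0\x00octet\x00"
SUSPICIOUS = b"\x00\x01img%x%x.bin\x00octet\x00"

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, inspect_datagram(pkt))
```

Legitimate filenames rarely contain `%`, so on a network where an affected server cannot be replaced, an alert from a check like this is worth reviewing even when the server did not crash.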

Affected Products

TFTPD32 version 2.81 and prior.

Recommended Actions

We are currently not aware of any vendor-supplied patches for this issue.
http://tftpd32.jounin.net/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2006-0328

References

http://www.critical.lt/research/tftpd32_281_dos.txt
http://www.securityfocus.com/bid/16333 (BugTraq)
http://www.frsirt.com/english/advisories/2006/0263 (FrSIRT)

Reference: VID-14180