Info

Disclosure

Mar 12, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A buffer overflow exists in D-Link TFTP server. The applicaton fails to validate GET and PUT requests resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

D-Link Systems, Inc.

TFTP Server

1.0

References

CVE ID: 2007-1435 (see also: NVD)
Bugtraq ID: 22923
Secunia Advisory ID: 24360
Metasploit ID: 33977
Generic Exploit URL: http://www.metasploit.com

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218