Several security issues in Open TFTP Server

ddaa
2018-04-25
2024-02-01
  • ddaa

    ddaa - 2018-04-25

    Hi,

    I found several security issues, but I cannot contact the author through e-mail.
    I think it is not suitable to disclose them here...
    Is the project still under maintenance?

    Sincerely,
    ddaa

     
  • ichabod chico

    ichabod chico - 2019-02-05

    TFTP means Trivial File Transfer Protocol. There is this possibility that it would not be able to do some of the difficult tasks such as listing, removing, and retitling the files such as FTP and other advanced protocols, but that is its selling point. You can get to know more about TFTP by going to https://appuals.com/the-5-best-free-tftp-servers-for-windows/ Because of the lack of advanced features it has a small memory footprint and is simple to install and apply. There is a system administrator or engineer who makes sure that the TFTP server is an important tool that turns what would be a boring thing, loading firmware into network devices like routers and switches, into another routine task. Here we will introduce you to some of the best free TFTP servers for Windows. 1) SolarWinds TFTP Server. It is a tool that comes along with more than one design which permits you to move files at the same time and can deal with file sizes of up to 4GB. Irrespective, SolarWinds tries to present a protection feature to the procedure via its IP restriction feature. It's a method where you can prohibit particular IPs that you don't need accessing your data or only the proposed receivers. 2) WhatsUp TFTP Server. It is a free tool from IPSwitch, which is a company famous for manufacturing network monitoring tools. It permits you to transfer files of up to 4GB and it comes in dual parts. One of them is the service component that runs in the background and the second is the application component that observes and organizes the server.

     
  • ddaa

    ddaa - 2019-12-21

    Because the official bug tracker was closed and I cannot contact the author through any way (email, sending a message on SourceForge), I decided to disclose the details here:

    1. CVE-2018-10387
      Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.

    2. CVE-2018-10388
      Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

    3. CVE-2018-10389
      Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

    4. CVE-2019-12567
      Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.

    5. CVE-2019-12568
      Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.
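
The advisories above all concern text from a TFTP error packet reaching a logging routine; the following is an added example, not part of the original post and not Open TFTP Server's code, showing that packet parsed with a bounded copy and logged with a fixed format string. `parse_tftp_error`, `log_peer_error` and `ERRMSG_MAX` are hypothetical names, and the layout assumed is the RFC 1350 ERROR packet (opcode 5, 2-byte error code, NUL-terminated message).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TFTP_OP_ERROR 5
#define ERRMSG_MAX 128  /* assumed log budget, not a value from the project */

/* Hypothetical helper: copy the message of an RFC 1350 ERROR packet into a
 * bounded buffer. Returns the stored length, or -1 if the datagram is
 * malformed. Over-long messages are truncated, never overflowed. */
int parse_tftp_error(const uint8_t *pkt, size_t len,
                     uint16_t *code, char *out, size_t outsz)
{
    if (!pkt || !code || !out || outsz == 0 || len < 5)
        return -1;                      /* 4-byte header + terminating NUL */
    if (((pkt[0] << 8) | pkt[1]) != TFTP_OP_ERROR)
        return -1;
    const uint8_t *end = memchr(pkt + 4, '\0', len - 4);
    if (end == NULL)
        return -1;                      /* unterminated: never read past len */
    *code = (uint16_t)((pkt[2] << 8) | pkt[3]);

    size_t n = 0;
    for (const uint8_t *p = pkt + 4; p < end && n + 1 < outsz; p++)
        out[n++] = (*p >= 0x20 && *p < 0x7f) ? (char)*p : '?'; /* no control bytes in logs */
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical logger: peer text is only ever an argument to "%s",
 * never the format string itself. */
int log_peer_error(char *line, size_t linesz, const uint8_t *pkt, size_t len)
{
    char msg[ERRMSG_MAX];
    uint16_t code;
    if (parse_tftp_error(pkt, len, &code, msg, sizeof msg) < 0)
        return snprintf(line, linesz, "malformed ERROR packet (%zu bytes)", len);
    return snprintf(line, linesz, "peer error %u: %s", (unsigned)code, msg);
}

int main(void)
{
    /* Constructed sample: ERROR packet whose message is format specifiers. */
    const uint8_t pkt[] = {0, 5, 0, 1, '%', 'n', '%', 's', 0};
    char line[256];
    log_peer_error(line, sizeof line, pkt, sizeof pkt);
    puts(line);
    return 0;
}
```
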

     
  • Donald1010

    Donald1010 - 2020-07-22

    A few gadgets, including diskless workstations, flimsy customers, and switches, can really boot from the system as opposed to booting from a nearby hard drive. These gadgets have little utilization of nearby stockpiling during typical tasks and henceforth aren't outfitted with hard drives. They despite everything need to boot up however, and a system boot through arrangements like BOOTP, PXE, or BSDP offers the best other option. The vast majority of these utilize TFTP for circulating the required boot record to the customers.

     
  • last reaction

    last reaction - 2024-02-01

    Some devices, like diskless workstations, lightweight clients, and switches, have the ability to boot from the network rather than relying on a local hard drive. Since these devices don't heavily rely on local storage during regular operations and lack hard drives, they still require a boot process. Network booting through protocols such as BOOTP, PXE, or BSDP provides an efficient alternative for these devices. TFTP is commonly used to distribute the necessary boot file to these clients.
    While discussing network booting, it's like preparing a delightful dish. Just as various ingredients come together to create a flavorful meal, devices like diskless workstations, lightweight clients, and switches blend different protocols such as BOOTP, PXE, or BSDP to initiate their network booting process. This analogy highlights the diverse elements, akin to a variety of flavors, that contribute to the seamless operation of these devices, ensuring they "taste" success in their functionality.

     

    Last edit: last reaction 2024-02-01
