VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2432

Description

WinAgents TFTP Server 3.0 is vulnerable to denial of service via a long filename request, possibly due to an off-by-one buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

WinAgents TFTP Server version 3.0 contains a vulnerability that allows remote attackers to cause a denial of service (crash) by sending a request for a file with an excessively long filename. This issue is likely due to an off-by-one buffer overflow in handling the filename. The affected version is 3.0, as per the advisory [1] and exploit reference [2].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted TFTP request to the server with a filename exceeding a certain length. No authentication is required, and the attack can be performed remotely over the network. The specific steps involve constructing a TFTP Read Request (RRQ) or Write Request (WRQ) packet with an overly long filename field.

Impact

Successful exploitation causes the TFTP server process to crash, resulting in a denial of service. The crash may disrupt file transfer services, but no code execution or data compromise has been reported.

Mitigation

No official patch or fixed version has been released by the vendor. As of the publication date, the only mitigation is to restrict access to the TFTP server via firewall rules or to disable the service if not required. The product may be end-of-life.
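Where the service cannot be disabled, requests with abnormal filename fields can be flagged before they reach the server. The following is an added example, not code from the advisory or the vendor: it parses the RRQ/WRQ layout defined in RFC 1350 and alerts on oversized or unterminated filenames. The function name, the 128-byte threshold and the sample payloads are assumptions; the advisory does not state the length that triggers the crash.

```python
import struct

# TFTP opcodes (RFC 1350) that carry a filename field.
OPCODES = {1: "RRQ", 2: "WRQ"}
# Assumed alerting threshold; the advisory does not state the length that
# triggers the crash, so tune this to the longest name your clients request.
MAX_FILENAME = 128


def inspect_tftp_request(payload: bytes, max_filename: int = MAX_FILENAME) -> dict:
    """Classify one UDP payload sent to a TFTP server's listening port (69)."""
    if len(payload) < 2:
        return {"verdict": "malformed", "reason": "shorter than opcode"}
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES:
        return {"verdict": "ignore", "reason": f"opcode {opcode} has no filename"}
    body = payload[2:]
    end = body.find(b"\x00")
    # With no NUL terminator the whole remainder of the datagram would be
    # treated as the filename, so that case is flagged regardless of length.
    name_len = len(body) if end == -1 else end
    result = {"op": OPCODES[opcode], "filename_len": name_len}
    if end == -1:
        result.update(verdict="alert", reason="filename not NUL-terminated")
    elif name_len > max_filename:
        result.update(verdict="alert", reason=f"filename exceeds {max_filename} bytes")
    else:
        # The transfer mode follows the filename and is also NUL-terminated.
        mode_field = body[end + 1:]
        mode_end = mode_field.find(b"\x00")
        mode = mode_field[:mode_end if mode_end != -1 else None]
        mode = mode.decode("ascii", "replace").lower()
        ok = mode_end != -1 and mode in ("netascii", "octet", "mail")
        result.update(verdict="ok" if ok else "malformed",
                      reason="well-formed" if ok else "bad or missing mode")
    return result


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "normal_rrq": b"\x00\x01router.cfg\x00octet\x00",
    "long_wrq": b"\x00\x02" + b"A" * 300 + b"\x00octet\x00",
    "unterminated": b"\x00\x01" + b"B" * 40,
    "data_block": b"\x00\x03\x00\x01payload",
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, inspect_tftp_request(pkt))
```

The same length and termination checks can be applied to payloads extracted from a packet capture or enforced in a filtering proxy placed in front of the server.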

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

6

News mentions

0

No linked articles in our index yet.