lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061117020228.16407.qmail@securityfocus.com> Date: 17 Nov 2006 02:02:28 -0000 From: liuqx@...c.org.cn To: bugtraq@...urityfocus.com Subject: TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability A vulnerability has been identified in TFTP Server TFTPD32 v3.01, which could be exploited by attackers to cause a denial of service. It was due to the title of the gauge window which was limited to 256 char --> not enough to store the file name and the client address. The user can download newly version of the tftp server(http://philippe.jounin.net/tftpd32_download.html)