CVE-2006-0328
published 2006-01-21CVE-2006-0328: Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2)…
PriorityP424medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
7.40%
93.7th percentile
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| philippe_jounin | tftpd32 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
\x00\x01
bytes↗
\x6F\x63\x74\x65\x74\x00
- →Detect TFTP GET requests (opcode 0x0001) containing format string specifiers (e.g., '%x', '%n', '%s') in the filename field on UDP port 69. ↗
- →TFTP packet beginning with opcode bytes \x00\x01 (GET/RRQ) followed by a filename field containing '%.1000x' or similar format string patterns should be flagged as exploitation attempts. ↗
- →Monitor UDP port 69 traffic for TFTP RRQ or WRQ packets where the filename field contains '%' characters, which are not valid in normal TFTP filenames. ↗
- ·The PoC targets localhost (127.0.0.1); in real attacks the destination would be the remote Tftpd32 host. Ensure detection rules are not scoped only to loopback traffic. ↗
- ·Vulnerability is confirmed only in Tftpd32 version 2.81; other versions may or may not be affected. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
A number of flaws affect the version of Tomcat5 shipped with RHDS3. Please see
linked bugs for details.
Discussion:
Run manually:
http://yakko.test.redhat.com/run.php?runid=14719
http://yakko.test.redhat.com/run.php?runid=14720
---
Thanks Mark.
Vivek, Can you check those test runs and sign off on the changes as required.
Thanks.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0328.html
Bugzilla
CVE-2006-0749 Firefox Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Firefox Tag Order Vulnerability
CVE-2006-0749 Firefox Tag Order Vulnerability
There exists a remotely exploitable code execution vulnerability in Mozilla
Firefox related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Firefox.
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0328.html
---
An advisory has been issued which should help the problem
described in this bug report. This rep
http://secunia.com/advisories/18539http://securityreason.com/securityalert/362http://www.critical.lt/?vulnerabilities/200http://www.critical.lt/research/tftpd32_281_dos.txthttp://www.kb.cert.org/vuls/id/632633http://www.osvdb.org/22661http://www.securityfocus.com/archive/1/422405/100/0/threadedhttp://www.securityfocus.com/bid/16333http://www.vupen.com/english/advisories/2006/0263https://exchange.xforce.ibmcloud.com/vulnerabilities/24250http://secunia.com/advisories/18539http://securityreason.com/securityalert/362http://www.critical.lt/?vulnerabilities/200http://www.critical.lt/research/tftpd32_281_dos.txthttp://www.kb.cert.org/vuls/id/632633http://www.osvdb.org/22661http://www.securityfocus.com/archive/1/422405/100/0/threadedhttp://www.securityfocus.com/bid/16333http://www.vupen.com/english/advisories/2006/0263https://exchange.xforce.ibmcloud.com/vulnerabilities/24250
2006-01-21
Published