[Openvas-discuss] FP: Hillstone Software TFTP Write/Read Request Server Denial Of Service

[Reindl Harald]

well, i honestly doubt that on our reverse-proxy something is listening 
on UDP ports at all..............
___________________________________

Proto Recv-Q Send-Q Local Address           Foreign Address 
State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:* 
LISTEN      20065/traffic_manag
tcp        0      0 127.0.0.1:8083          0.0.0.0:* 
LISTEN      20065/traffic_manag
tcp        0      0 127.0.0.1:8084          0.0.0.0:* 
LISTEN      20072/traffic_serve
tcp        0      0 127.0.0.1:53            0.0.0.0:* 
LISTEN      811/dnsmasq
tcp        0      0 0.0.0.0:443             0.0.0.0:* 
LISTEN      20065/traffic_manag
tcp        0      0 0.0.0.0:10022           0.0.0.0:* 
LISTEN      17385/sshd
udp        0      0 127.0.0.1:53            0.0.0.0:* 
       811/dnsmasq
___________________________________
Hillstone Software TFTP Write/Read Request Server Denial Of Service 
Vulnerability 	WillNotFix 	
5.0 (Mittel)
        99%     10.0.0.4        69/udp  
Notiz hinzufügen
Übersteuerung hinzufügen
Zusammenfassung

This host is running Hillstone Software TFTP Server and is prone to 
denial of service vulnerability.
Ergebnis zur Schwachstellenerkennung

Schwachstelle wurde gemäß der Methode zur Schwachstellenerkennung erkannt.
Auswirkungen

Successful exploitation will allow attacker to crash the server process, 
resulting in a denial-of-service condition.

Impact Level: Application
Lösung

Art der Lösung: WillNotFix WillNotFix

No solution or patch was made available for at least one year since 
disclosure of this vulnerability. Likely none will be provided anymore. 
General solution options are to upgrade to a newer release, disable 
respective features, remove the product or replace the product by 
another one.
Betroffene Software/OS

Hillstone Software HS TFTP version 1.3.2
Schwachstellen-Einblick

The flaw is caused by an error when processing TFTP write and read 
requests, which can be exploited to crash the server via a specially 
crafted request sent to UDP port 69.
Methode zur Schwachstellenerkennung

Details: Hillstone Software TFTP Write/Read Request Server Denial Of 
Service Vulnerabili... (OID: 1.3.6.1.4.1.25623.1.0.802406)

Benutzte Version: $Revision: 3117 $
Verweise

CVE:    CVE-2011-4720
BID:    50886
Andere:         http://secpod.org/blog/?p=419
        http://packetstormsecurity.org/files/107468/hillstone-dos.txt
        
http://secpod.org/advisories/SecPod_Hillstone_Software_HS_TFTP_Server_DoS.txt
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss