Vulnerability Details : CVE-2008-2161
Public exploit exists!
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-2161
- cpe:2.3:a:tftp:tftp_server_sp:1.4:*:*:*:*:*:*:*When used together with: Microsoft » All Windows
- cpe:2.3:a:tftp:tftp_server_sp:1.5:*:*:*:*:*:*:*When used together with: Microsoft » All Windows
Exploit prediction scoring system (EPSS) score for CVE-2008-2161
78.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-2161
-
OpenTFTP SP 1.4 Error Packet Overflow
Disclosure Date: 2008-07-05First seen: 2020-04-26exploit/windows/tftp/opentftp_error_codeThis module exploits a buffer overflow in OpenTFTP Server SP 1.4. The vulnerable condition triggers when the TFTP opcode is configured as an error packet, the TFTP service will then format the message using a sprintf() function, which causes an overflow, therefore
CVSS scores for CVE-2008-2161
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-2161
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2161
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/42298
-
http://www.vupen.com/english/advisories/2008/1468/references
-
https://www.exploit-db.com/exploits/5563
-
http://www.securityfocus.com/bid/29111
TFTP Server Error Packet Handling Remote Buffer Overflow Vulnerability
-
http://secunia.com/advisories/30147
Vendor Advisory
Jump to