Key Vulnerability Information

EDB-ID: 5563
CVE: 2008-2161
Author: TIXXDZ
Type: REMOTE
Platform: WINDOWS
Date: 2008-05-08
Vulnerable App: TFTP Server for Windows 1.4 - ST

Vulnerability Details:
- TFTP Server SP v1.4 for Windows remote .bss overflow exploit.
- The vulnerability is caused by a very long TFTP Error Packet, which can overwrite the .bss section and part of the .idata section, patching function addresses in the IAT.
- Tested on unpatched Windows XP SP2 (French).
- Other versions may also be vulnerable.
- The exploit patches the function for the TFTP Server StandAlone program and the function for the TFTP Server Service.

Exploit Code:
- Perl script for remote exploitation.
- Uses shellcode for a Windows shell bind TCP connection.
- Establishes a connection with the TFTP server and sends the crafted TFTP Error Packet to trigger the overflow and execute the shellcode.
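A defensive check for the condition described above, as an added example that is not part of the original entry: it parses UDP payloads using the RFC 1350 ERROR packet layout (opcode 5, error code, NUL-terminated message) and flags error messages that are oversized or malformed. The 128-byte limit, the function name and the sample packets are assumptions constructed for illustration.

```python
import struct

# TFTP opcodes from RFC 1350
OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5

# Assumed policy threshold: legitimate error strings are short; tune per site.
MAX_ERRMSG_LEN = 128


def inspect_tftp(payload: bytes, max_errmsg: int = MAX_ERRMSG_LEN):
    """Return (verdict, reason) for one UDP payload seen on a TFTP flow."""
    if len(payload) < 4:
        return "ignore", "too short for a TFTP header"
    opcode, code = struct.unpack("!HH", payload[:4])
    if opcode != OP_ERROR:
        return "ignore", f"opcode {opcode} is not ERROR"
    body = payload[4:]
    nul = body.find(b"\x00")
    msg = body if nul == -1 else body[:nul]
    trailing = b"" if nul == -1 else body[nul + 1:]
    reasons = []
    if len(msg) > max_errmsg:
        reasons.append(f"ErrMsg is {len(msg)} bytes (limit {max_errmsg})")
    if nul == -1:
        reasons.append("ErrMsg is not NUL-terminated")
    if trailing:
        reasons.append(f"{len(trailing)} bytes follow the terminator")
    if any(b < 0x20 or b > 0x7E for b in msg):
        reasons.append("ErrMsg contains non-printable bytes")
    if reasons:
        return "alert", "; ".join(reasons)
    return "ok", f"error code {code}: {msg.decode('ascii')}"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "normal_error": struct.pack("!HH", OP_ERROR, 1) + b"File not found\x00",
    "oversized_error": struct.pack("!HH", OP_ERROR, 0) + b"x" * 600 + b"\x00",
    "read_request": struct.pack("!H", OP_RRQ) + b"boot.cfg\x00octet\x00",
    "unterminated": struct.pack("!HH", OP_ERROR, 0) + b"oops",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect_tftp(pkt))
```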