Rule Document 1:2337

Report a false positive

Rule Category

PROTOCOL-TFTP -- Snort has detected traffic that may indicate the presence of the tftp protocol or vulnerabilities in the tftp protocol on the network.

Alert Message

PROTOCOL-TFTP PUT filename overflow attempt

Rule Explanation

This event is generated when an attempt to generate a denial of service against Allied Telesyn TFTP server is detected. Impact: Attempted Administrator Privilege Gain Details: Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command. Ease of Attack: Medium

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2003-0380 CVE-2003-0729 CVE-2006-4948 CVE-2006-6184 CVE-2008-1611 CVE-2009-2957 CVE-2009-2958

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2003-0380
 Loading description
CVE-2003-0729
 Loading description
CVE-2006-4948
 Loading description
CVE-2006-6184
 Loading description
CVE-2008-1611
 Loading description
CVE-2009-2957
 Loading description
CVE-2009-2958
 Loading description