Reported August 26, 2003 by storm.



VERSIONS AFFECTED

  • Tellurian TftpdNT Server 1.8 for Windows NT and Windows 9x

DESCRIPTION

A buffer-overflow condition in Tellurian TftpdNT Server 1.8 for Windows NT and Windows 9x can result in the execution of arbitrary code on the vulnerable system. This overflow occurs in the product's parsing of a filename.

VENDOR RESPONSE

Tellurian has released version 2.0, which isn't vulnerable to this condition.

CREDIT
Discovered by STORM.