RedTeam Labs Awarded CVE-2010-2028


We are pleased to announce that a vulnerability discovered by RedTeam Labs was recently awarded a CVE (CVE-2010-2028). We feel that this demonstrates both the security expertise of our team and our commitment to contributing to the security community through research.

As a further contribution to the security community, we've ported the proof of concept code to the Metasploit framework. Click here for the Metasploit proof of concept code.

About CVE
The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.

About CVE-2010-2028
Jeremiah Talamantes, Principal Security Consultant and Security Researcher at RedTeam, has discovered a 0-day security vulnerability in TFTPGUI version 1.4.5. The vulnerability in the TFTP server application revolves around unexpected behavior when the server is sent an overly long transport mode string. An attacker can carry out a remote Denial-of-Service attack on the server application by sending a string of malicious characters, causing the program to crash.
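The trigger named above is the transport mode field of a TFTP request. As an added example (not RedTeam's or TFTPGUI's code), the following request parser bounds and allowlists that field per RFC 1350 and answers malformed input with an ERROR packet instead of failing; the size limits and function names are assumptions made for illustration.

```python
import struct

OP_RRQ, OP_WRQ, OP_ERROR = 1, 2, 5
ALLOWED_MODES = {b"netascii", b"octet", b"mail"}   # RFC 1350 transfer modes
MAX_MODE_LEN = max(len(m) for m in ALLOWED_MODES)  # 8 bytes
MAX_FILENAME_LEN = 255   # assumed local policy limit, not from the RFC
MAX_REQUEST_LEN = 512    # assumed cap on an option-less RRQ/WRQ datagram


class BadRequest(ValueError):
    """Raised for any request that fails validation."""


def parse_request(datagram: bytes):
    """Return (opcode, filename, mode) or raise BadRequest."""
    if not 4 <= len(datagram) <= MAX_REQUEST_LEN:
        raise BadRequest("datagram length out of range")
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise BadRequest("not a read/write request")
    # Both strings must be NUL-terminated; split at most twice so that
    # trailing bytes (e.g. RFC 2347 options) stay in the third element.
    parts = datagram[2:].split(b"\x00", 2)
    if len(parts) < 3:
        raise BadRequest("missing NUL terminator")
    filename, mode, _rest = parts
    if not 0 < len(filename) <= MAX_FILENAME_LEN:
        raise BadRequest("filename length out of range")
    # Check the length before any further handling of the mode string.
    if len(mode) > MAX_MODE_LEN:
        raise BadRequest("mode string too long")
    mode = mode.lower()
    if mode not in ALLOWED_MODES:
        raise BadRequest("unknown transfer mode")
    return opcode, filename, mode.decode("ascii")


def error_packet(message: str, code: int = 4) -> bytes:
    """Build a TFTP ERROR packet (code 4 = illegal TFTP operation)."""
    return struct.pack("!HH", OP_ERROR, code) + message.encode("ascii") + b"\x00"


def handle(datagram: bytes):
    """Return a parsed request tuple, or an ERROR packet for bad input."""
    try:
        return parse_request(datagram)
    except BadRequest as exc:
        return error_packet(str(exc))
```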

Related Links
* CVE-2010-2028: National Vulnerability Database (US-CERT)
* Mitre Database: CVE-2010-2028
* XForce ISS Link





DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.

