Description
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
Affected products
- Acronis / snap_deploy2.0.0.1076 – 2.0.0.1076
References
- MISChttp://aluigi.altervista.org/adv/acropxe-adv.txt
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/0814/references
- MISChttp://www.securityfocus.com/bid/28182
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/41075
- MISChttp://www.securityfocus.com/archive/1/489358/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/29305
- MISChttp://securityreason.com/securityalert/3758
- EXPLOIThttps://www.exploit-db.com/exploits/5228