GEN:SID 1:2337
Message TFTP PUT filename overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Tellurian TftpdNT.
Impact Execution of arbitrary code. Possible unauthorised root access.
Detailed Information FTP is used to transfer files between hosts. This event is indicative of spurious
activity in FTP traffic between hosts.

It is possible for an attacker to expoit a buffer overrun condition in
Tellurian TftpdNT. User supplied filenames are not correctly handled by
some versions of Tellurian TftpdNT, this may result in an attacker being
able to cause the overrun condition to occur.
Affected Systems Tellurian TftpdNT 2.0 and prior
Attack Scenarios An attacker may use a publicly available exploit script to take
advantage of the vulnerability.
Ease of Attack Simple. Exploit code exists.
Corrective Action Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

Disallow access to FTP resources from hosts external to the protected network.

Use secure shell (ssh) to transfer files as a replacement for FTP.
Additional References  
Rule References bugtraq: 7819
bugtraq: 8505
cve: 2003-0380