TFTPUtil GUI TFTP Directory Traversal

2009.01.30
Credit: vuln_research
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2009-0288
CWE: CWE-22


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Title: TFTPUtil GUI TFTP Directory Traversal Product: TFTPUtil GUI Discovered: November 26, 2008 Discovered by: Rob Kraus, princeofnigeria (PoN) Vendor: k23productions Vendor URL: http://sourceforge.net/projects/tftputil Vendor notification date: December 1, 2008 Vendor response date: December 8, 2008 Vendor acknowledgement: December 8, 2008 Vendor provided fix: December 8, 2008 Release coordinated with the vendor: -- Public disclosure date: January 14, 2009 Affects: TFTPUtil GUI versions 1.2.0 and 1.3.0 Fixed in: 1.4.0 Risk: Medium Vulnerability Description: TFTPUtil GUI versions 1.2.0 and 1.3.0 are prone to a directory-traversal vulnerability because it fails to sanitize TFTP GET requests. By using a specially crafted TFTP GET request an attacker is capable of retrieving files outside of the TFTP root directory. Impact: The ability to obtain files outside of the TFTP root directory may allow an attacker to obtain more information about the underlying operating system and applications running on the host. Keywords: security, vulnerability, tftp, directory traversal, princeofnigeria, gui, windows, server [--Background--] Type of vulnerability: Input validation flaw Who can exploit it: Local and remote users TFTPUtil GUI is an application that provides services for transferring configuration files, firmware files and other types of data using the TFTP protocol. The application should restrict GET requests to the contents of the TFTP root directory to prevent obtaining data from other parts of the host operating system. Vulnerability Scope: The default installation of TFTPUtil 1.20. or 1.3.0 will allow exploitation of this vulnerability. [--More Details--] Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required. [--Fix or Workaround Information--] Patch availability: 1.4.0 Vendor provided fix: 1.4.0 Workarounds: Update to 1.4.0 [--Disclosure Policy--] PrinceofNigeria.org Vulnerability Disclosure Policy http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy /?blog=1 [--Disclosure History--] Public disclosure date: January 14, 2009 [--References--] CVE-ID: Bugtraq ID: Secunia ID: OSVDB ID: [--Author--] Rob Kraus, princeofnigeria (PoN) Website: www.princeofnigeria.org/blogs

References:

http://www.securityfocus.com/bid/33287
http://sourceforge.net/forum/forum.php?forum_id=894598
http://xforce.iss.net/xforce/xfdb/48019
http://www.securityfocus.com/archive/1/archive/1/500106/100/0/threaded
http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal
http://secunia.com/advisories/33561


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top