TFTPD32 Input Validation Flaw Lets Remote Users Read and Write Files on the System
|
|
SecurityTracker Alert ID: 1005647 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 17 2002
|
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 2.50.2 and prior versions
|
Description: An input validation vulnerability was reported in TFTPD32. A remote user can view and write to files on the server located outside of the document directory.
SecuriTeam reported that a remote user can read and write any file on the system. Some demonstration exploit commands are provided:
tftp host GET /boot.ini
tftp host PUT myfile /boot.ini
|
Impact: A remote user can view files and write to files on the system that are located outside of the document directory.
|
Solution: The vendor has issued a fixed version (2.51), available at:
http://perso.wanadoo.fr/philippe.jounin/download.html
|
Vendor URL: tftpd32.jounin.net/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: support@securiteam.com
|
Message History:
None.
|
Source Message Contents
|
Date: 17 Nov 2002 22:15:05 +0200
From: support@securiteam.com
Subject: [NT] TFTPD32 Directory Traversal Vulnerability
|
The following security advisory is sent to the securiteam mailing list, and can be found at the Secur
iTeam web site: http://www.securiteam.com
- - promotion
Beyond Security would like to welcome Tiscali World Online
to our service provider team.
For more info on their service offering IP-Secure,
please visit http://www.worldonline.co.za/services/work_ip.asp
- - - - - - - - -
TFTPD32 Directory Traversal Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://tftpd32.jounin.net> TFTPD32 is a Freeware TFTP server for windows
9x/NT/XP. It provides an implementation of the TFTPv2 protocol (specified
in the RFC 1350).
A vulnerability in the product allows remote attackers to view any file on
the system as well as write to arbitrary locations.
DETAILS
Vulnerable systems:
* TFTP32 version 2.50.2 and prior
Immune systems:
* TFTP32 version 2.51
Exploit:
Getting files:
tftp host GET /boot.ini
Storing files:
tftp host PUT myfile /boot.ini
ADDITIONAL INFORMATION
The information has been provided by <mailto:expert@securiteam.com>
SecurITeam Experts.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@secu
riteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.co
m
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, con
sequential, loss of business
profits or special damages.
|
|
