Walusoft TFTP Server Input Validation Flaw Lets Remote Users Traverse the Directory
|
|
SecurityTracker Alert ID: 1021518 |
|
SecurityTracker URL: http://securitytracker.com/id/1021518
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Updated: Jan 6 2009
|
Original Entry Date: Jan 5 2009
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 3.6.1
|
Description:
A vulnerability was reported in Walusoft TFTP Server. A remote user can view files on the target system.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted TFTP GET request to view files on target system that are located outside of the document directory.
Rob Kraus, princeofnigeria (PoN), reported this vulnerability.
|
Impact:
A remote user can view files on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.walusoft.co.uk/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 5 Jan 2009 10:22:08 -0700
Subject: Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal
|
[--Vulnerability Summary--]
Title: Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal
Product: Walusoft TFTPServer2000 Version 3.6.1
Discovered: November 9, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)
Vendor: Walusoft
Vendor URL: No longer exists (no contact information available)
Public disclosure date: January 5, 2009
Affects: Walusoft TFTPServer2000 Version 3.6.1
Fixed in: No fix currently available.
Risk: Medium
Vulnerability Description: Walusoft TFTPServer2000 Version 3.6.1 are prone to a directory-traversal vulnerability because it fails
to sanitize TFTP GET requests. By using a specially crafted TFTP GET request an attacker is capable of retrieving files outside of
the TFTP root directory.
Impact: The ability to obtain files outside of the TFTP root directory may allow an attacker to obtain more information about the
underlying operating system and applications running on the host.
Keywords: security, vulnerability, tftp, directory traversal, princeofnigeria, gui, windows, server
[--Background--]
Type of vulnerability: Input validation flaw
Who can exploit it: Local and remote users
Walusoft TFTPServer2000 Version 3.6.1 is an application that provides services for transferring configuration files, firmware files
and other types of data using the TFTP protocol. The application should restrict GET requests to the contents of the TFTP root directory
to prevent obtaining data from other parts of the host operating system.
Vulnerability Scope: The default installation of Walusoft TFTPServer2000 Version 3.6.1 will allow exploitation of this vulnerability.
This software is licensed to and re-branded by many VoIP phone systems manufacturers. Verification of the product origin can be obtained
by reading the about page.
[--More Details--]
Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required.
[--Fix or Workaround Information--]
Patch availability: None
Vendor provided fix: None
Workarounds: No patch is available at this time. The analyst recommended work around is described as follows:
“Upon initial installation, the software fails to define or restrict the TFTP root directory to a specific directory and an attacker
is able to gain access to operating system files. To fix this issue the TFTP server administrator show explicitly define the TFTP
root directory on the System >> Setup menu, Server Options “Outbound” tab.”
[--Disclosure Policy--]
PrinceofNigeria.org Vulnerability Disclosure Policy
http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy/?blog=1
[--Disclosure History--]
Public disclosure date: January 5, 2009
[--References--]
CVE-ID:
Bugtraq ID:
Secunia ID:
OSVDB ID:
[--Author--]
Rob Kraus, princeofnigeria (PoN)
Website: www.princeofnigeria.org/blogs
|
|
