Ipswitch WhatsUp TFTP Server Input Validation Flaw Lets Remote Users Traverse the Directory
|
|
SecurityTracker Alert ID: 1026368 |
|
SecurityTracker URL: http://securitytracker.com/id/1026368
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Dec 3 2011
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
|
Description:
A vulnerability was reported in Ipswitch WhatsUp. A remote user can view files on the target system.
The TFTP server does not properly validate user-supplied input. A remote user can supply a specially crafted request containing '../' sequences to view files on the target system that are located outside of the document directory.
Systems running the TFTP server version 1.0.0.24 (and possibly other versions) are affected.
The original advisory is available at:
http://secpod.org/blog/?p=424
Prabhu S Angadi from SecPod Technologies reported this vulnerability.
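The missing validation described above, shown as a server-side containment check. This is an added example, not Ipswitch code and not part of the original advisory. The document root `C:\TFTP-Root`, the function names and the sample packets are assumptions constructed for illustration.

```python
import ntpath
import struct

TFTP_ROOT = r"C:\TFTP-Root"  # assumed document directory (hypothetical)
OP_RRQ, OP_WRQ = 1, 2

def parse_request(packet: bytes):
    """Parse an RFC 1350 RRQ/WRQ: opcode(2) | filename | NUL | mode | NUL."""
    if len(packet) < 4:
        raise ValueError("short packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("not a read/write request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed request")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()

def resolve(filename: str, root: str = TFTP_ROOT) -> str:
    """Map a requested name to a path under root, or raise PermissionError."""
    drive, _ = ntpath.splitdrive(filename)
    if drive or filename.startswith(("/", "\\")):
        raise PermissionError("absolute or drive-qualified path")
    # Normalise with Windows rules: '/' and '\' both separate, case-insensitive.
    root_norm = ntpath.normcase(ntpath.normpath(root))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(root, filename)))
    # Compare against root + separator so "C:\TFTP-Root-old" does not match.
    if not full.startswith(root_norm + "\\"):
        raise PermissionError("path escapes document directory")
    return full

def check_packet(packet: bytes):
    """Return ("allow", path) or ("deny", reason) for one request packet."""
    try:
        _, filename, _ = parse_request(packet)
        return "allow", resolve(filename)
    except (ValueError, PermissionError) as exc:
        return "deny", str(exc)

if __name__ == "__main__":
    # Constructed sample filenames, each wrapped in a read request (opcode 1).
    for name in (b"config.txt", b"sub/../ok.txt", b"../../boot.ini",
                 b"..\\TFTP-Root-old\\x.cfg", b"C:\\boot.ini"):
        print(name, check_packet(b"\x00\x01" + name + b"\x00octet\x00"))
```

The check normalises with Windows path rules (`ntpath`) because the affected server runs on Windows, where a backslash works as a separator just like the forward slash.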
|
Impact:
A remote user can view files on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.ipswitch.com/
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 03 Dec 2011 04:16:26 +0000
Subject: Ipswitch WhatsUp Gold
|
Ipswitch TFTP Server Directory Traversal Vulnerability
http://secpod.org/blog/?p=424
|
|