IBM TFTP Server for Java vulnerability

From: Patrick Medhurst (Patrickat_private)
Date: Fri Jul 20 2001 - 04:31:11 PDT

Next message: George Staikos: "Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)"

Previous message: David Sexton: "RE: Firewall-1 Information leak"
Next in thread: John Schultz: "Re: IBM TFTP Server for Java vulnerability"
Reply: John Schultz: "Re: IBM TFTP Server for Java vulnerability"
Reply: McHugh, Sean: "RE: IBM TFTP Server for Java vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vulnerability:

The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.com/tech/TFTP  is vulnerable to a standard directory traversal attack (i.e. ../../).

Vendor Response:

The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as follows:
"We will take a look at the issue and fix it as soon as possible".

Further correspondence requesting when a fix will be released has been ignored.

Solution:

None.

Next message: George Staikos: "Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)"
Previous message: David Sexton: "RE: Firewall-1 Information leak"
Next in thread: John Schultz: "Re: IBM TFTP Server for Java vulnerability"
Reply: John Schultz: "Re: IBM TFTP Server for Java vulnerability"
Reply: McHugh, Sean: "RE: IBM TFTP Server for Java vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 08:05:39 PDT