[21726] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

IBM TFTP Server for Java vulnerability

daemon@ATHENA.MIT.EDU (Patrick Medhurst)
Fri Jul 20 11:33:42 2001

Message-Id: <sb5832b3.074@border.spm.org.za>
Date: Fri, 20 Jul 2001 13:31:11 +0200
From: "Patrick Medhurst" <Patrick@spm.org.za>
To: <BUGTRAQ@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Vulnerability:

The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.com/tech/TFTP  is vulnerable to a standard directory traversal attack (i.e. ../../).

Vendor Response:

The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as follows:
"We will take a look at the issue and fix it as soon as possible".

Further correspondence requesting when a fix will be released has been ignored.

Solution:

None.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21726] in bugtraq

IBM TFTP Server for Java vulnerability

daemon@ATHENA.MIT.EDU (Patrick Medhurst)Fri Jul 20 11:33:42 2001

daemon@ATHENA.MIT.EDU (Patrick Medhurst)
Fri Jul 20 11:33:42 2001