| Field | Value |
|---|---|
| VID | 16031 |
| Severity | 40 |
| Port | 69 |
| Protocol | UDP |
| Class | TFTP |
| Detailed Description | The TFTP service allows access to files outside the restricted directory. Most tftpd implementations restrict access to files outside of the tftp root directory. Some older implementations disallow any files with /../ in their pathnames; however, one allows remote users to access files such as /etc/passwd by prepending ../ to the pathname (../etc/passwd). References: http://www.iss.net/security_center/static/308.php, http://www.cert.org/advisories/CA-1991-18.html |
| Recommendation | If the TFTP service is not required, disable it: comment out or remove the line for tftp in /etc/inetd.conf, then restart the inetd daemon. -- OR -- Re-install the latest version of the daemon or upgrade the OS distribution. |
| Related URL | CVE-1999-0183 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
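
The filtering gap from the description, shown as an added example in C; it is not code from any tftpd or from this advisory. `naive_allows` and `stays_in_root` are hypothetical helpers and the request names are constructed samples; the example compares a substring check for `/../` with a component-by-component depth check.

```c
#include <stdio.h>
#include <string.h>

/* Weak check described above: reject only names containing "/../". */
int naive_allows(const char *name) {
    return strstr(name, "/../") == NULL;
}

/* Hardened check (hypothetical helper): walk the components of a requested
 * name relative to the TFTP root and track directory depth. Any ".." that
 * would climb above the root is rejected. Assumption: names are relative
 * to the root, so absolute paths are refused. Lexical only: symlinks
 * inside the root still need a realpath()-style comparison. */
int stays_in_root(const char *name) {
    int depth = 0;
    const char *p = name;
    if (*p == '/') return 0;            /* absolute path: refused */
    while (*p) {
        size_t len = strcspn(p, "/");   /* length of current component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return 0;  /* climbed above the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary component descends */
        }
        p += len;
        if (*p == '/') p++;             /* skip the separator */
    }
    return 1;
}

int main(void) {
    /* Constructed sample request names. */
    const char *names[] = { "boot/pxelinux.0", "a/../../etc/passwd",
                            "../etc/passwd", "boot/../boot/image" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s naive=%d hardened=%d\n", names[i],
               naive_allows(names[i]), stays_in_root(names[i]));
    return 0;
}
```

The substring check passes `../etc/passwd` because no slash precedes the leading `..`, and it also refuses the harmless `boot/../boot/image`; the depth check gets both cases right.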