VID 16063
Severity 20
Port 69
Protocol UDP
Class TFTP
Detailed Description A TFTP server is running on the system. Trivial File Transfer Protocol (TFTP) allows remote users to copy, transfer, or write to files without requiring authentication. The TFTP service has traditionally been used by intruders to launch attacks.

* References:
http://www.cert.org/advisories/CA-1991-18.html
http://www.ciac.org/ciac/bulletins/b-44.shtml
http://www.ciac.org/ciac/bulletins/ciac-05.shtml
http://www.ciac.org/ciac/bulletins/a-21.shtml

* Platforms Affected:
TFTP Any version
Recommendation Disable the TFTP service if you do not require its use for router configuration and diskless booting. If you cannot disable TFTP, ensure that it is running in secure mode.

To disable the TFTP service, comment out the TFTP entry in the /etc/inetd.conf file (or the similar configuration file used by your UNIX operating system) by prepending a pound sign ("#") to the line beginning "tftp...". Consult your operating system documentation on tftpd for additional details on disabling this service.

To ensure that the TFTP service is running in secure mode, check that the "-s /tftpboot" option is included in the line beginning "tftp..." in /etc/inetd.conf. This option allows access only to the /tftpboot directory. Example lines from /etc/inetd.conf might look like:

For ULTRIX 4.0:
tftp dgram udp nowait /etc/tftpd tftpd -r /tftpboot

For SunOS 4.1:
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot
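
One way to check an inetd.conf-style file for the two conditions described above, as an added example that is not part of the original entry. The function name audit_tftp_inetd and the sample file are constructed for illustration; the -s and -r flags are the ones shown in the example lines above.

```shell
#!/bin/sh
# audit_tftp_inetd FILE
# Prints one verdict for the tftp entry in an inetd.conf-style file:
#   disabled  - no active (uncommented) tftp line
#   secure    - every active tftp line is restricted with -s DIR or -r DIR
#   insecure  - at least one active tftp line has no directory restriction
audit_tftp_inetd() {
    awk '
        # Skip commented-out entries such as "#tftp ..." or "# tftp ...".
        substr($1, 1, 1) == "#" { next }
        $1 == "tftp" {
            found = 1
            restricted = 0
            # Look for -s or -r followed by an absolute directory path.
            for (i = 2; i < NF; i++)
                if (($i == "-s" || $i == "-r") && substr($(i + 1), 1, 1) == "/")
                    restricted = 1
            if (!restricted)
                insecure = 1
        }
        END {
            if (!found)        print "disabled"
            else if (insecure) print "insecure"
            else               print "secure"
        }
    ' "$1"
}

# Constructed sample: the SunOS 4.1 line from the text, once commented out
# and once active with the -s option removed.
sample=$(mktemp)
printf '%s\n' \
    '#tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot' \
    'tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd' > "$sample"
audit_tftp_inetd "$sample"   # prints "insecure"
rm -f "$sample"
```

On a real host, pass the path of the inetd configuration file, for example audit_tftp_inetd /etc/inetd.conf.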
Related URL CVE-1999-0616 (CVE)
Related URL (SecurityFocus)
Related URL 141 (ISS)