| VID | 16108 |
| Severity | 40 |
| Port | 69 |
| Protocol | UDP |
| Class | TFTP |
| Detailed Description |
The TFTP server is affected by a directory traversal vulnerability. Trivial File Transfer Protocol (TFTP) allows remote users to copy, read, or write files without authentication. TFTP is sometimes legitimately used for bootstrapping diskless workstations. The affected TFTP server could allow a remote, unauthorized attacker to retrieve directories and access arbitrary files on the host.
* References: http://www.cert.org/advisories/CA-1991-18.html
* Platforms Affected: TFTP: Any version; Any operating system: Any version |
| Recommendation |
If it is not required, disable the affected TFTP service.
-- OR --
Install a more recent version of the daemon and make sure that its home directory is restricted to a specific directory, as in the following:
For ULTRIX: tftp dgram udp nowait /etc/tftpd tftpd -r /tftpboot
For Sun Solaris: tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot |
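One way to audit an inetd.conf for the restriction recommended above, as an added example that is not part of the original advisory. The `-r` and `-s` flags come from the two lines shown; the function name, the sample file and its `/usr/sbin` paths are constructed for illustration.

```python
import posixpath

# Flags taken from the two inetd.conf lines in the recommendation:
# -r (ULTRIX tftpd) and -s (Solaris in.tftpd). Other daemons may differ.
RESTRICT_FLAGS = ("-r", "-s")

# Constructed sample input. Lines 2 and 3 are the page's own entries; the rest
# (including the /usr/sbin paths) are made up for illustration.
SAMPLE_INETD_CONF = """\
# tftp is only needed for diskless clients
tftp dgram udp nowait /etc/tftpd tftpd -r /tftpboot
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /
#tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
"""

def audit_inetd_tftp(conf_text):
    """Return (line_no, status, detail) for each tftp entry in inetd.conf text."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        stripped = raw.strip()
        fields = stripped.lstrip("#").split()
        # A tftp entry starts: tftp dgram udp <wait|nowait> ...
        if len(fields) < 5 or fields[:2] != ["tftp", "dgram"] or not fields[2].startswith("udp"):
            continue
        if stripped.startswith("#"):
            findings.append((line_no, "disabled", "entry is commented out"))
            continue
        # Server path = first absolute path (ULTRIX has no user field); argv follows it.
        server_idx = next((i for i, f in enumerate(fields[4:], 4) if f.startswith("/")), None)
        argv = fields[server_idx + 1:] if server_idx is not None else []
        root = None
        for flag, value in zip(argv, argv[1:]):
            if flag in RESTRICT_FLAGS and value.startswith("/"):
                root = posixpath.normpath(value)
        if root is None:
            findings.append((line_no, "unrestricted", "no -r/-s directory"))
        elif root.strip("/") == "":
            # A "restriction" to the filesystem root restricts nothing.
            findings.append((line_no, "unrestricted", "directory is /"))
        else:
            findings.append((line_no, "restricted", root))
    return findings

if __name__ == "__main__":
    for finding in audit_inetd_tftp(SAMPLE_INETD_CONF):
        print(*finding)
```

Entries reported as `unrestricted` are the ones the recommendation asks to fix or disable.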
| Related URL |
CVE-1999-0498 (CVE) |
| Related URL |
6198,11584 (SecurityFocus) |
| Related URL |
(ISS) |
|