PT-2005-2780 · Futuresoft · Futuresoft Tftp Server

Published: 2005-06-01 · Updated: 2008-09-05 · CVE-2005-1813

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FutureSoft TFTP Server Evaluation version 1.0.0.1

Description: The issue allows remote attackers to read arbitrary files via a TFTP GET request containing ../ (dot dot slash) or ..\ (dot dot backslash) sequences. This enables access to files outside the intended directory.

Recommendations: For FutureSoft TFTP Server Evaluation version 1.0.0.1, consider restricting access to the TFTP service until a fix is available, and avoid using directory traversal characters such as ../ or ..\ in TFTP requests.
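The server-side check whose absence produces this class of bug, as an added example (not FutureSoft code and not part of the original advisory): a TFTP read request is parsed and its filename is confined to the served directory before any file is opened. The function names, the sample packets and the root directory passed in are assumptions made for illustration.

```python
import os
import struct

RRQ = 1  # TFTP read-request opcode (RFC 1350)


def parse_rrq(packet: bytes) -> str:
    """Extract the filename from an RRQ: opcode(2) | filename | 0 | mode | 0."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != RRQ:
        raise ValueError("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed read request")
    return fields[0].decode("ascii")


def resolve_under_root(root: str, requested: str) -> str:
    """Map a requested name to a path inside root, or raise PermissionError."""
    if requested.startswith(("/", "\\")) or ":" in requested:
        raise PermissionError("absolute or drive-qualified path")
    # Treat both separators alike so "..\" is caught on any platform.
    parts = requested.replace("\\", "/").split("/")
    if ".." in parts:
        raise PermissionError("parent-directory component")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *parts))
    # Final containment check also catches symlinks that lead out of root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError("resolved path escapes the TFTP root")
    return candidate


def handle_rrq(root: str, packet: bytes) -> str:
    """Return the file path to serve, or raise before any file is opened."""
    return resolve_under_root(root, parse_rrq(packet))


# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"\x00\x01boot/pxelinux.0\x00octet\x00",    # stays inside the root
    b"\x00\x01../../outside.txt\x00octet\x00",  # dot dot slash
    b"\x00\x01..\\..\\outside.txt\x00octet\x00",  # dot dot backslash
]
```
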

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2005-1813

Affected products

Futuresoft Tftp Server