PT-2005-2780 · Futuresoft · Futuresoft Tftp Server

Published: 2005-06-01 · Updated: 2008-09-05 · CVE-2005-1813

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FutureSoft TFTP Server Evaluation version 1.0.0.1

Description

The issue allows remote attackers to read arbitrary files via a TFTP GET request containing ../ (dot dot slash) or ..\ (dot dot backslash) sequences. This enables access to files outside the intended directory.

Recommendations

For FutureSoft TFTP Server Evaluation version 1.0.0.1, consider restricting access to the TFTP service until a fix is available, and avoid using directory traversal characters such as ../ or ..\ in TFTP requests.
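
The server-side check whose absence the description implies, as an added example (not code from this advisory or from the vendor): it parses a TFTP read request (RFC 1350 layout) and confines the requested name to a served directory, treating `/` and `\` alike. The function names, the exception class and the sample file names are assumptions made for illustration.

```python
import os
import struct

OP_RRQ = 1  # TFTP read request opcode (RFC 1350)


class RejectedRequest(Exception):
    """Raised when an RRQ is malformed or names a file outside the root."""


def parse_rrq(packet: bytes) -> tuple[str, str]:
    """Split an RRQ into (filename, mode): 2-byte opcode, then two NUL-terminated strings."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        raise RejectedRequest("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise RejectedRequest("malformed RRQ")
    try:
        return fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RejectedRequest("non-ASCII filename or mode")


def resolve_in_root(root: str, filename: str) -> str:
    """Map a requested name to a path under root, or raise RejectedRequest."""
    if filename.startswith(("/", "\\")) or ":" in filename:
        raise RejectedRequest("absolute path or drive letter")
    # Treat both separators alike: on Windows "..\" walks up just like "../".
    parts = filename.replace("\\", "/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise RejectedRequest("dot or empty path segment")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, *parts))
    # Final check after symlink resolution: the result must still sit under root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise RejectedRequest("resolves outside root")
    return candidate


def handle_rrq(root: str, packet: bytes) -> str:
    """Return the confined path for a valid RRQ, or raise RejectedRequest."""
    filename, mode = parse_rrq(packet)
    if mode not in ("netascii", "octet"):
        raise RejectedRequest("unsupported mode")
    return resolve_in_root(root, filename)
```
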

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2005-1813

Affected Products

Futuresoft Tftp Server