PT-2024-10551 · Unknown · Tftp Server+1

Modpr0Be · Published 2024-06-21 · Updated 2024-09-15 · CVE-2012-6664

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Distinct Intranet Servers versions 3.10 and earlier

Description

The issue allows remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. This is due to multiple directory traversal vulnerabilities in the TFTP Server.

Recommendations

For Distinct Intranet Servers versions 3.10 and earlier, consider restricting access to the TFTP Server until a patch is available. As a temporary workaround, avoid using the get and put commands with .. (dot dot) sequences to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
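
Detection example (added here, not code from the vendor or from this advisory): while access to the server is being restricted, TFTP traffic can be checked for get/put requests whose filename resolves outside the served directory. The sketch assumes the standard RFC 1350 request layout (2-byte opcode, NUL-terminated filename and mode); the function names and the sample datagrams are constructed for illustration.

```python
import posixpath

# TFTP opcodes from RFC 1350: RRQ is the "get" request, WRQ is the "put" request.
OPCODES = {1: "get", 2: "put"}

def parse_request(packet: bytes):
    """Return (command, filename, mode) for an RRQ/WRQ packet, else None."""
    if len(packet) < 4:
        return None
    command = OPCODES.get(int.from_bytes(packet[:2], "big"))
    if command is None:
        return None
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3:  # filename and mode must both be NUL-terminated
        return None
    return command, fields[0].decode("latin-1"), fields[1].decode("latin-1").lower()

def escapes_root(filename: str) -> bool:
    """True if the requested name could resolve outside the served directory."""
    name = filename.replace("\\", "/")  # Windows servers accept both separators
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return True  # absolute path or drive letter
    # After normalisation, a leading ".." means the path climbs above the root.
    return posixpath.normpath(name).split("/")[0] == ".."

def flag_traversal(packets):
    """Return (command, filename) for each request that leaves the TFTP root."""
    hits = []
    for pkt in packets:
        req = parse_request(pkt)
        if req and escapes_root(req[1]):
            hits.append((req[0], req[1]))
    return hits

# Constructed sample datagrams (not captured traffic).
SAMPLE_PACKETS = [
    b"\x00\x01firmware.bin\x00octet\x00",
    b"\x00\x01../../boot.ini\x00netascii\x00",
    b"\x00\x02..\\..\\upload.txt\x00octet\x00",
    b"\x00\x01configs/../router.cfg\x00octet\x00",  # stays inside the root
    b"\x00\x04\x00\x01",  # ACK, not a get/put request
]

if __name__ == "__main__":
    for command, filename in flag_traversal(SAMPLE_PACKETS):
        print(f"ALERT {command} outside root: {filename!r}")
```

Normalising before the check keeps names such as `configs/../router.cfg`, which stay inside the root, from raising alerts, while still flagging names that climb above it with either separator.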

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2012-6664

Affected Products

Distinct Intranet Servers
Tftp Server