Remote file access : TFTP Directory Traversal Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.18262

Categoría: Remote file access

Título: TFTP Directory Traversal Vulnerabilities - Active Check

Resumen: The TFTP (Trivial File Transfer Protocol) allows remote users to; read files without having to log in.;; This may be a big security flaw, especially if tftpd (the TFTP server) is not well configured by; the admin of the remote host.

Descripción: Summary:
The TFTP (Trivial File Transfer Protocol) allows remote users to
read files without having to log in.

This may be a big security flaw, especially if tftpd (the TFTP server) is not well configured by
the admin of the remote host.

Solution:
Disable the tftp daemon, or if you really need it
run it in a chrooted environment

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-1999-0183
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0183
XForce ISS Database: linux-tftp
Common Vulnerability Exposure (CVE) ID: CVE-1999-0498
Cert/CC Advisory: CA-91.18.Active.Internet.tftp.Attacks
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0498
Common Vulnerability Exposure (CVE) ID: CVE-2002-2353
BugTraq ID: 6198
http://www.securityfocus.com/bid/6198
CERT/CC vulnerability note: VU#632633
http://www.kb.cert.org/vuls/id/632633
http://www.securiteam.com/windowsntfocus/6D00D2061G.html
http://www.iss.net/security_center/static/10646.php
Common Vulnerability Exposure (CVE) ID: CVE-2009-0271
BugTraq ID: 33344
http://www.securityfocus.com/bid/33344
http://osvdb.org/51487
http://secunia.com/advisories/33594
http://www.vupen.com/english/advisories/2009/0176
Common Vulnerability Exposure (CVE) ID: CVE-2009-0288
BugTraq ID: 33287
http://www.securityfocus.com/bid/33287
Bugtraq: 20090115 TFTPUtil GUI TFTP Directory Traversal (Google Search)
http://www.securityfocus.com/archive/1/500106/100/0/threaded
http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal
http://secunia.com/advisories/33561
XForce ISS Database: tftputil-tftpget-directory-traversal(48019)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48019
Common Vulnerability Exposure (CVE) ID: CVE-2009-1161
BugTraq ID: 35040
http://www.securityfocus.com/bid/35040
Cisco Security Advisory: 20090520 CiscoWorks TFTP Directory Traversal Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
http://jvn.jp/en/jp/JVN62527913/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
http://osvdb.org/54616
http://securitytracker.com/id?1022263
http://secunia.com/advisories/35179
http://www.vupen.com/english/advisories/2009/1390

Copyright Copyright (C) 2005 Michel Arboi

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.18262
Categoría:	Remote file access
Título:	TFTP Directory Traversal Vulnerabilities - Active Check
Resumen:	The TFTP (Trivial File Transfer Protocol) allows remote users to; read files without having to log in.;; This may be a big security flaw, especially if tftpd (the TFTP server) is not well configured by; the admin of the remote host.
Descripción:	Summary: The TFTP (Trivial File Transfer Protocol) allows remote users to read files without having to log in. This may be a big security flaw, especially if tftpd (the TFTP server) is not well configured by the admin of the remote host. Solution: Disable the tftp daemon, or if you really need it run it in a chrooted environment CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0183 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0183 XForce ISS Database: linux-tftp Common Vulnerability Exposure (CVE) ID: CVE-1999-0498 Cert/CC Advisory: CA-91.18.Active.Internet.tftp.Attacks https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0498 Common Vulnerability Exposure (CVE) ID: CVE-2002-2353 BugTraq ID: 6198 http://www.securityfocus.com/bid/6198 CERT/CC vulnerability note: VU#632633 http://www.kb.cert.org/vuls/id/632633 http://www.securiteam.com/windowsntfocus/6D00D2061G.html http://www.iss.net/security_center/static/10646.php Common Vulnerability Exposure (CVE) ID: CVE-2009-0271 BugTraq ID: 33344 http://www.securityfocus.com/bid/33344 http://osvdb.org/51487 http://secunia.com/advisories/33594 http://www.vupen.com/english/advisories/2009/0176 Common Vulnerability Exposure (CVE) ID: CVE-2009-0288 BugTraq ID: 33287 http://www.securityfocus.com/bid/33287 Bugtraq: 20090115 TFTPUtil GUI TFTP Directory Traversal (Google Search) http://www.securityfocus.com/archive/1/500106/100/0/threaded http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal http://secunia.com/advisories/33561 XForce ISS Database: tftputil-tftpget-directory-traversal(48019) https://exchange.xforce.ibmcloud.com/vulnerabilities/48019 Common Vulnerability Exposure (CVE) ID: CVE-2009-1161 BugTraq ID: 35040 http://www.securityfocus.com/bid/35040 Cisco Security Advisory: 20090520 CiscoWorks TFTP Directory Traversal Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml http://jvn.jp/en/jp/JVN62527913/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html http://osvdb.org/54616 http://securitytracker.com/id?1022263 http://secunia.com/advisories/35179 http://www.vupen.com/english/advisories/2009/1390
Copyright	Copyright (C) 2005 Michel Arboi