93-05
Posted Sep 23, 1999

SHA-256 | 010fe54eec449059fd894abfe8625be74efbb7a3e0cfa2532d16ecddb8566c1e

=============================================================================
SA-93.05 SERT Advisory
25-Jun-93
Protecting Yourself From tftp Attacks
-----------------------------------------------------------------------------

Recently a tftp attack was launched from an overseas site against several
AARNet (and overseas) machines. The person responsible has been caught and
dealt with. This person admitted using tftp to steal /etc/passwd files from
UNIX machines, and then running a password cracking program against these
files. Some of the passwords were successfully guessed. See SERT Advisory
SA-93.04 (available from ftp.sert.edu.au:/security/sert/sert-advisory) on
how to choose better passwords.

tftp is unauthenticated file transfer. It is used for booting diskless
workstations and downloading server code or fonts to X terminals. A man
entry for this service states that "due to the lack of authentication
information, tftpd will allow only publicly readable files to be accessed.
Files may be written only if they already exist and are publicly writable.
Note: this extends the concept of "public" to include all users on all
hosts that can be reached through the network; this may not be appropriate
on all systems, and its implications should be considered before enabling
this service."

From this it can be seen that tftp can be abused. An attacker can easily
steal critical information from your system if tftp is enabled and not
configured safely. Please carefully consider how you configure your UNIX
machine with respect to tftp.

If you do not require tftp on your machine, then it can be disabled by
prepending a crosshatch symbol (#) to the tftp record in /etc/inetd.conf.
For example, replace the following line:
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot

with:
#tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot

Do not forget to issue a HANGUP signal (as root) to the inetd daemon if it is
already running:

hostname# kill -HUP <inetd PID> {Forces inetd to reread inetd.conf}

Kill any remaining tftp daemon(s) (if any are still running):

hostname# kill -KILL <tftpd PID(s)>

If you do require tftp on your machine, then consider using the following
techniques:

(i) Use tcp_wrapper to monitor and evaluate attempted connections. See the
tcp_wrapper documentation for the required changes to /etc/inetd.conf,
and the correct format for the hosts.allow and hosts.deny files.

(ii) Run the tftp daemon in secure mode, by specifying the -s flag in
/etc/inetd.conf. (The flag letter may differ from vendor to vendor.
Under Ultrix, the flag is -r). This flag ensures tftp's root directory
is changed to the flag argument, and that the directory change must be
successful.

(iii) Use C2 and/or a shadow password mechanism so that passwords are not
stored in /etc/passwd.
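The following shell script is an added example and is not part of the SERT advisory. It audits a copy of inetd.conf for the tftp entry (disabled, running with the -s or Ultrix -r secure flag, or running unrestricted), writes a commented-out copy as the disable step above does by hand, and checks whether a passwd file still carries hashes in its second field (point iii). It assumes the classic seven-field inetd.conf layout shown above; the sample files it builds are constructed and do not describe any real host.

```shell
#!/bin/sh
# Added example (not from the SERT advisory): audit a copy of inetd.conf and
# passwd for the tftp hardening points above. Every path is a parameter, so
# the checks can be run against files copied from a host.

# Print one word describing the tftp entry in the given inetd.conf:
#   disabled  - no active (uncommented) tftp line
#   secure    - every active tftp line runs the daemon with -s (or -r on Ultrix)
#   INSECURE  - at least one active tftp line lacks the secure-mode flag
tftp_status() {
    awk '
        # inetd.conf layout: service socket proto wait user server [args...]
        # A commented-out entry starts with "#", so $1 is never "tftp" there.
        $1 == "tftp" && $2 == "dgram" {
            enabled = 1
            secure = 0
            # $6 is the server path; $7 onward are argv[0] and its arguments
            for (i = 7; i <= NF; i++)
                if ($i == "-s" || $i == "-r") secure = 1
            if (!secure) insecure = 1
        }
        END {
            if (!enabled)      print "disabled"
            else if (insecure) print "INSECURE"
            else               print "secure"
        }' "$1"
}

# Write a copy of inetd.conf ($1) to $2 with every active tftp entry commented
# out, as the advisory's disable step does by hand. After installing the copy,
# send inetd a HANGUP (kill -HUP <inetd PID>) and kill any leftover in.tftpd.
disable_tftp() {
    sed -E 's/^([[:space:]]*tftp[[:space:]]+dgram)/#\1/' "$1" > "$2"
}

# Exit 0 if any account in the given passwd file still carries a hash in
# field 2, i.e. the host is not using a shadow (or C2) password mechanism
# for that account. "x", "*", "" and "!..." are placeholders, not hashes.
passwd_has_hashes() {
    awk -F: '
        $2 != "x" && $2 != "*" && $2 != "" && $2 !~ /^!/ { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# --- demonstration on constructed sample files (not a real host's configuration) ---
demo_dir=$(mktemp -d)

cat > "$demo_dir/inetd.conf.open" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/etc/in.ftpd    in.ftpd
tftp    dgram   udp     wait    root    /usr/etc/in.tftpd   in.tftpd
EOF
cat > "$demo_dir/inetd.conf.secure" <<'EOF'
tftp    dgram   udp     wait    root    /usr/etc/in.tftpd   in.tftpd -s /tftpboot
EOF
# Constructed hash string, not a real password hash
printf 'root:Xy9.constructedHash:0:0:Operator:/:/bin/sh\n' > "$demo_dir/passwd.plain"
printf 'root:x:0:0:Operator:/:/bin/sh\n' > "$demo_dir/passwd.shadowed"

echo "inetd.conf.open:   $(tftp_status "$demo_dir/inetd.conf.open")"
echo "inetd.conf.secure: $(tftp_status "$demo_dir/inetd.conf.secure")"
disable_tftp "$demo_dir/inetd.conf.open" "$demo_dir/inetd.conf.fixed"
echo "inetd.conf.fixed:  $(tftp_status "$demo_dir/inetd.conf.fixed")"
for p in plain shadowed; do
    if passwd_has_hashes "$demo_dir/passwd.$p"; then
        echo "passwd.$p: hashes exposed in /etc/passwd"
    else
        echo "passwd.$p: no hashes in passwd (shadowed)"
    fi
done
rm -rf "$demo_dir"
```

Run it against copies of a host's /etc/inetd.conf and /etc/passwd rather than the live files; the only thing it writes is the commented-out copy you name, which you then review and install yourself before signalling inetd as described above.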

----------------------------------------------------------------------------

If you believe that your system has been compromised, contact SERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email: sert@sert.edu.au
Facsimile: (07) 365 4477
Telephone: (07) 365 4417
SERT personnel answer during business hours (AEST - GMT+10:00).

Security Emergency Response Team
Prentice Centre
The University of Queensland
Qld. 4072.
AUSTRALIA.
