Tftpd TFTP server v2.50.2 and below remote exploit which allows any file on the system to be viewed and written to arbitrary locations. Fix available here.
873d353180f19cd2f3180436d51e6b969551726ec62331c1e8f534cb4d29e38f
<!-- Version = 3.3 -->
<html>
<head>
<title>SecuriTeam.com ™ (TFTPD32 Directory Traversal Vulnerability)</title>
<meta name="Description" content="Beyond Security will help you expose your security holes and will show you what the bad guys already know about your hosts and network. Use our Automated Scanning service to perform a full security audit of your site, and find the latest security news and tools on Beyond Security's SecuriTeam web site.">
<meta name="Keywords" content="Beyond Security, automated scanning, security news, security, hack, hacker, hacking, crack, cracker, cracking, exploits, securiteam, root, intrusion detection, windows, windowsnt, nt, server, unix, linux, solaris, sunos, aix, audit, firewall, scanner, internet, intranet, vulnerability, phreak, redhat, suse, debian, rootshell, maximum, tcpip, udp, tcp, cryptography, hunt, session, hijack, reset, ack, syn, rst">
<meta http-equiv="expires" content="01 Jan 1998 01:01:00 GMT">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="Content-Language" content="en-us">
<meta name="HandheldFriendly" content="True">
</head>
<STYLE TYPE=TEXT/CSS>
A:HOVER {COLOR: RED}
.links
{
COLOR: BLACK;
TEXT-DECORATION: underline
}
</STYLE>
<body BGCOLOR="white">
<DIV align="center">
<TABLE cellpadding="0" cellspacing="1" border="0">
<TR>
<TD COLSPAN="3" width="1" height="1" bgcolor="black"><img src="http://www.securiteam.com/space.gif" height=1 border="0" width=1 alt=&"nbsp;"></TD>
</TR>
<tr>
<td COLSPAN="3" style="PADDING-LEFT: 4pt">
<font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#0000ff">
<a href="http://www.beyondsecurity.com/" style="COLOR: #000000; TEXT-DECORATION: none">Beyond-Security's</a> <a href="http://www.securiteam.com/" style="COLOR: #000000; TEXT-DECORATION: none">SecuriTeam.com</a><br>
</font>
</td>
</tr>
<TR>
<TD COLSPAN="3" width="1" height="1" bgcolor="black"><img src="http://www.securiteam.com/space.gif" height=1 border="0" width=1 alt=&"nbsp;"></TD>
</TR>
<TR>
<TD valign="top" width="190">
<BR>
<font size="1" face="Verdana, Arial, Helvetica, sans-serif" color="#0000ff">
<a href="http://www.securiteam.com/" class="links">SecuriTeam Home</a><br>
<a href="http://www.securiteam.com/aboutus.html" class="links">About SecuriTeam</a><br>
<a href="http://www.securiteam.com/askus.html" class="links">Ask the Team</a><br>
<a href="http://www.securiteam.com/ads.html" class="links">Advertising info</a><br>
<a href="http://www.securiteam.com/securitynews/" class="links">Security News</a><br>
<a href="http://www.securiteam.com/securityreviews/" class="links">Security Reviews</a><br>
<a href="http://www.securiteam.com/exploits/" class="links">Exploits</a><br>
<a href="http://www.securiteam.com/tools/" class="links">Tools</a><br>
<a href="http://www.securiteam.com/unixfocus/" class="links">UNIX focus</a><br>
<a href="http://www.securiteam.com/windowsntfocus/" class="links">Windows NT focus</a><br>
</font>
<form method="post" action="http://www.securiteam.com/cgi-bin/htsearch" id=form1 name=form1>
<input name="words" value="Search" maxlength="100" size="10" >
<input type="hidden" name="method" value="and">
<input type="hidden" name="format" value="builtin-long">
<input type="hidden" name="sort" value="score">
<input type="hidden" name="config" value="htdigSecuriTeam">
<input type="hidden" name="restrict" >
<input type="hidden" name="exclude" >
<INPUT TYPE="image" SRC="http://www.securiteam.com/search.gif" BORDER=0 id=image1 name=image1>
</form>
<br>
<!--htdig-noindex-->
<div style="FONT-SIZE: 9pt">1. <a href="6R00B2A60E.html">LiteServe URL Decoding DoS</a><br>
2. <a href="6D00D2061G.html">TFTPD32 Directory Traversal Vulnerability</a><br>
3. <a href="6C00C2061A.html">TFTPD32 Buffer Overflow Vulnerability (Long filename)</a><br>
4. <a href="6G00H2060G.html">IISPop Remote DoS</a><br>
5. <a href="6A00B2060Y.html">Perception LiteServe HTTP CGI Disclosure Vulnerability</a><br>
</div><br>
<!--/htdig-noindex-->
<img src="http://www.securiteam.com/email.gif" alt="" border="0" align="left"><A href="email/6D00D2061G.html" style ="FONT-SIZE: 10pt" >E-Mail this article to a friend</A><br><A href="mailto:comments@securiteam.com?subject=TFTPD32 Directory Traversal Vulnerability" style ="FONT-SIZE: 10pt" >Send us comments</A>
</TD>
<TD rowspan="2" width="1" height="1" bgcolor="black"><img src="http://www.securiteam.com/space.gif" height=1 border="0" width=1 alt=&"nbsp;"></TD>
<td>
<TABLE border="0" style="MARGIN-LEFT: 4pt">
<tr>
<TD colspan="2" align="middle">
<br>
<!-- Ad -->
<center>
<div align="center">
<IFRAME src="http://adserver.matchcraft.com/adserver/layer/SecuriTeam/Security!20News!2c!20Tools!20and!20Reviews/468x60" marginwidth="0" marginheight="0" width="468" height="60" frameborder="0" scrolling="no">
<SCRIPT language=javascript>document.write('<SCRIPT language=javascript src="http://adserver.matchcraft.com/adserver/jslayer/SecuriTeam/Security!20News!2c!20Tools!20and!20Reviews/468x60"></SCRIPT>');
</SCRIPT>
<NOSCRIPT><a href="http://www.matchcraft.com"><img src="http://adserver.matchcraft.com/adserver/redirect/MC468x60.gif/SecuriTeam" width="468" height="60"></a>
</NOSCRIPT>
</IFRAME>
</div>
</center>
<br>
</TD>
</tr>
<TR>
<TD align="left" bgColor="navy"> <FONT color="white"><B style="FONT-SIZE: 12pt">Title</B></FONT></TD>
<TD bgColor="navy" align="right" width="10%"><FONT color="white"><B style="FONT-SIZE: 11pt">17/11/2002</B></FONT></TD>
</TR>
<TR>
<TD colspan="2" align="middle" ><B style="FONT-SIZE: 15pt">TFTPD32 Directory Traversal Vulnerability<br>
<br></B></TD>
</TR>
<TR>
<TD colspan="2" align="left" bgColor="navy"> <FONT color=white><B style="FONT-SIZE: 12pt">Summary</B></FONT></TD>
</TR>
<TR>
<TD colspan="2" style="FONT-SIZE: 11pt"><A HREF="http://tftpd32.jounin.net">TFTPD32</A> is a Freeware TFTP server for windows 9x/NT/XP. It provides an implementation of the TFTPv2 protocol (specified in the RFC 1350). <br>
A vulnerability in the product allows remote attackers to view any file on the system as well as write to arbitrary locations.<br>
<br></TD>
</TR>
<TR>
<TD colspan="2" align="left" bgColor="navy"> <FONT color="white"><B style="FONT-SIZE: 12pt">Details</B></FONT></TD>
</TR>
<TR>
<TD colspan="2" style="FONT-SIZE: 11pt"><B>Vulnerable systems:</B><br>
* TFTP32 version 2.50.2 and prior<br>
<br>
<B>Immune systems:</B><br>
* TFTP32 version 2.51<br>
<br>
<B>Exploit:</B><br>
Getting files:<br>
<I>tftp host GET /boot.ini</I><br>
<br>
Storing files:<br>
<I>tftp host PUT myfile /boot.ini</I><br>
<br></TD>
</TR>
<TR>
<TD colspan="2" align=left bgColor=navy> <FONT color=white><B style="FONT-SIZE: 12pt">Additional information</B></FONT></TD>
</TR>
<TR>
<TD colspan="2" style="FONT-SIZE: 11pt">The information has been provided by <A HREF="mailto:expert at securiteam.com">SecurITeam Experts</A>.
<br></TD>
</TR>
</TABLE>
</td>
</TR>
<TR>
<TD COLSPAN="3"> </TD>
</TR>
<TR>
<TD COLSPAN="3" width="1" height="1" bgcolor="orange"><img src="http://www.securiteam.com/space.gif" height=1 border="0" width=1 alt=&"nbsp;"></TD>
</TR>
<tr>
<td COLSPAN="3">
<div align="center">
<font color="gray" style="FONT-SIZE: 8pt">
Copyright © 1998-2001 <a href="http://www.beyondsecurity.com/info.html" style="COLOR: gray; FONT-SIZE: 7pt">Beyond Security
Ltd.</a> All rights reserved.<br>
<a href="http://www.beyondsecurity.com/legal.html" style="COLOR: gray; FONT-SIZE: 7pt">Terms of Use</a> <a href="http://www.beyondsecurity.com/privacy.html" style="COLOR: gray; FONT-SIZE: 7pt">Site Privacy Statement</a>.<br><br>
</font>
</div>
</td>
</tr>
</TABLE>
</DIV>
</body>
</html>